Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-48837
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Phpjabbers Car Rental Script 3.0
5.4
CVSSv3
CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
Phpjabbers Appointment Scheduler 3.0
NA
CVE-2009-3718
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to execute arbitrary SQL commands via the UserName parameter.
Davethewebguy Battle Blog 1.30
Davethewebguy Battle Blog 1.25
1 EDB exploit
NA
CVE-2009-3719
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Davethewebguy Battle Blog 1.25
Davethewebguy Battle Blog 1.30
1 EDB exploit
NA
CVE-2003-1453
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 up to and including 1.3.9 and XOOPS 2.0 up to and including 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
Xoops Xoops 2.0.1
Xoops Xoops 1.3.9
Xoops Xoops 2.0
Xoops Xoops 1.3.5
Xoops Xoops 1.3.6
Xoops Xoops 1.3.7
Xoops Xoops 1.3.8
1 EDB exploit
NA
CVE-2011-1524
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) prior to 2.3 allows remote malicious users to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the e...
Symantec Liveupdate Administrator 2.2.2
Symantec Liveupdate Administrator 2.2.1
Symantec Liveupdate Administrator 2.1.3
Symantec Liveupdate Administrator 2.1.2
Symantec Liveupdate Administrator 2.1.0
Symantec Liveupdate Administrator
1 EDB exploit
NA
CVE-2002-1453
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote malicious users to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
Mywebserver Mywebserver 1.0.2
1 EDB exploit
NA
CVE-2008-6200
Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.
Wiki Swiki 1.5
1 EDB exploit
NA
CVE-2007-5918
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an ar...
Ms Topsites Ms Topsites
1 EDB exploit
NA
CVE-2007-6136
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote malicious users to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a cr...
M2scripts My Space Scripts Poll Creator 0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »