Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Manageengine Admanager Plus 6.5.7
1 EDB exploit
NA
CVE-2008-5891
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Injader Injader 2.0.2
Injader Injader
Injader Injader 2.1.0
Injader Injader 2.0.3
Injader Injader 1.6.1
1 EDB exploit
NA
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Tornadostore Tornadostore
1 EDB exploit
NA
CVE-2013-4888
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote malicious users to inject arbitrary web script or HTML via the layout parameter in the layout page.
Springsignage Xibo 1.4.2
1 EDB exploit
NA
CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke prior to 3.3.5, and 4.x prior to 4.3.5, allows remote malicious users to inject arbitrary HTML via the error parameter.
Dotnetnuke Dotnetnuke 2.1.1
Dotnetnuke Dotnetnuke 1.0.10e
Dotnetnuke Dotnetnuke 1.0.10d
Dotnetnuke Dotnetnuke 1.0.7
Dotnetnuke Dotnetnuke 1.0.8
Dotnetnuke Dotnetnuke 1.0.6
Dotnetnuke Dotnetnuke 1.0.9
Dotnetnuke Dotnetnuke 3.0.8
Dotnetnuke Dotnetnuke 2.1.2
Dotnetnuke Dotnetnuke 4.0
Dotnetnuke Dotnetnuke 3.0.7
Dotnetnuke Dotnetnuke 3.1.0
1 EDB exploit
NA
CVE-2005-4454
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme...
Livejournal Livejournal
1 EDB exploit
NA
CVE-2005-2721
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote malicious users to inject arbitrary web script or HTML via the Referer field in the HTTP header.
Foojan Php Weblog
1 EDB exploit
NA
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB prior to 1.20 allows remote malicious users to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Phpgb Phpgb 1.10
1 EDB exploit
6.1
CVSSv3
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
5.4
CVSSv3
CVE-2019-13068
public/app/features/panel/panel_ctrl.ts in Grafana prior to 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Grafana Grafana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »