Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
xss vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
4.3
CVSSv2
CVE-2015-1812
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813....
Jenkins Jenkins
Redhat Openshift
4.3
CVSSv2
CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables....
Wordpress Wordpress
4.3
CVSSv2
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs....
Wordpress Wordpress
1 Github repository available
4.3
CVSSv2
CVE-2015-1813
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812....
Jenkins Jenkins
Redhat Openshift
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache Struts
4.3
CVSSv2
CVE-2014-0141
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3....
Redhat Satellite 6.0.3
2 Github repositories available
3.5
CVSSv2
CVE-2017-7538
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users....
Redhat Satellite
3.5
CVSSv2
CVE-2015-0284
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of...
Redhat Spacewalk-java -
Redhat Network Satellite 5.7
4.3
CVSSv2
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute....
Getbootstrap Bootstrap
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Edge Gateway
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
Redhat Virtualization Manager 4.3
3 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-33739
CVE-2020-12915
server-side request forgery
wireless
CVE-2009-4289
CVE-2017-5772
CVE-2020-12916
spoof
CVE-2021-26868
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »
Vulmon