Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

xss vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2021-41317
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths....
Xss Hunter Express Project Xss Hunter Express
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling...
Apache Sling Xss Protection ApiApache Sling Xss Protection Api 2.0.0Apache Sling Xss Protection Api Compat 1.1.0
4.3
CVSSv2
CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables....
Wordpress Wordpress
4.3
CVSSv2
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs....
Wordpress Wordpress
4.3
CVSSv2
CVE-2015-1812
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813....
Jenkins JenkinsRedhat Openshift
3.5
CVSSv2
CVE-2020-7390
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. The ‘First name’, ‘Last name’, and ‘Email’ fields within the ‘Edit User’ page is vulnerable to a stored XSS sequence....
Sage Syracuse
4.3
CVSSv2
CVE-2021-41951
ResourceSpace Reflected XSS vulnerability...
Montala ResourcespaceMontala Resourcespace 9.6
4.3
CVSSv2
CVE-2016-5191
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an...
Google Chrome
4.3
CVSSv2
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML...
Google Chrome
4.3
CVSSv2
CVE-2015-1813
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812....
Jenkins JenkinsRedhat Openshift
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-40724cross-site request forgeryXSSCVE-2022-0180file uploadCVE-2021-45052CVE-2022-0130CVE-2020-28919CVE-2022-0215
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook