Vulmon
xss vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-41317
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths....
Xss Hunter Express Project Xss Hunter Express
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
3.5
CVSSv2
CVE-2020-7390
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates...
Sage Syracuse
1 Article available
4.3
CVSSv2
CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be...
Montala Resourcespace
Montala Resourcespace 9.6
4.3
CVSSv2
CVE-2015-1812
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813....
Jenkins Jenkins
Redhat Openshift
4.3
CVSSv2
CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables....
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-28038
WordPress before 5.5.2 allows stored XSS via post slugs....
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository available
3.5
CVSSv2
CVE-2021-32782
Nextcloud Circles is an open source social network built for the Nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this...
Nextcloud Circles
4.3
CVSSv2
CVE-2016-5191
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an...
Google Chrome
3 Articles available
4.3
CVSSv2
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML...
Google Chrome
5 Github repositories available
1 Article available