xss vulnerabilities and exploits
6.4
CVSSv2
CVE-2014-2279
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) prior to 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php...
Seeddms Seeddms
2.6
CVSSv2
CVE-2010-2788
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki prior to 1.15.5, when wgEnableProfileInfo is enabled, allows remote malicious users to inject arbitrary web script or HTML via the filter parameter.
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.11.2
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.3.15
Mediawiki Mediawiki 1.3.14
Mediawiki Mediawiki 1.2.5
Mediawiki Mediawiki 1.2.4
Mediawiki Mediawiki 1.5
Mediawiki Mediawiki 1.4.1
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4.14
Mediawiki Mediawiki 1.4.13
Mediawiki Mediawiki 1.5.5
Mediawiki Mediawiki 1.5.6
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.4
Mediawiki Mediawiki 1.15.3
4.3
CVSSv2
CVE-2014-9325
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to...
Twiki Twiki 6.0.1
6.8
CVSSv2
CVE-2014-9338
Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_user...
O2tweet Project O2tweet
6.8
CVSSv2
CVE-2014-9340
Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user...
Wpcommenttwit Project Wpcommenttwit
6.8
CVSSv2
CVE-2014-9368
Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash...
Twitterdash Project Twitterdash
6.8
CVSSv2
CVE-2014-9392
Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi...
Pictobrowser Project Pictobrowser
6.8
CVSSv2
CVE-2014-9395
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleh...
Simplelife Project Simplelife
6.8
CVSSv2
CVE-2014-9396
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) sim...
Simpleflickr Project Simpleflickr
6.8
CVSSv2
CVE-2014-9399
Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username...
Tweetscribe Project Tweetscribe