Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-9337
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi...
Mikiurl Wordpress Eklentisi Project Mikiurl Wordpress Eklentisi
6.8
CVSSv2
CVE-2014-9394
Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrand...
Pwgrandom Project Pwgrandom
6.8
CVSSv2
CVE-2014-9398
Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitt...
Twitter Liveblog Project Twitter Liveblog
4.3
CVSSv2
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) u...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5.8
CVSSv2
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
5
CVSSv2
CVE-2013-4724
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote malicious users to obtain potentially sensitive informatio...
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
5
CVSSv2
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmis...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5
CVSSv2
CVE-2013-4728
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
4.3
CVSSv2
CVE-2013-7303
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP prior to 2.1.25 and 3.0.x prior to 3.0.13 allow remote malicious users to inject arbitrary web script or HTML via the author name f...
Spip Spip 3.0.3
Spip Spip 3.0.4
Spip Spip 2.1.23
Spip Spip 2.1.22
Spip Spip 2.1.16
Spip Spip 2.1.15
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.21
Spip Spip 2.0.20
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.2
Spip Spip 3.0.9
Spip Spip
Spip Spip 2.1.18
Spip Spip 2.1.17
Spip Spip 2.1.1
Spip Spip 2.1
Spip Spip 2.0.3
4.3
CVSSv2
CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote malicious users to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Roundcube Webmail 0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »