Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
2.6
CVSSv2
CVE-2014-1826
Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote malicious users to inject arbitrary web script or HTML via a crafted map name.
Ithoughts Ithoughtshd 4.19
4.3
CVSSv2
CVE-2014-1828
The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote malicious users to cause a denial of service (disk consumption) by uploading a large file.
Ithoughts Ithoughtshd 4.19
6.8
CVSSv2
CVE-2015-1614
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_crunc...
Image Metadata Cruncher Project Image Metadata Cruncher -
4.3
CVSSv2
CVE-2011-3598
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin prior to 5.0.3 allow remote malicious users to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
Phppgadmin Phppgadmin 3.5.2
Phppgadmin Phppgadmin 3.2
Phppgadmin Phppgadmin 4.2.1
Phppgadmin Phppgadmin 3.1
Phppgadmin Phppgadmin
Phppgadmin Phppgadmin 3.5.3
Phppgadmin Phppgadmin 3.4.1
Phppgadmin Phppgadmin 4.2.2
Phppgadmin Phppgadmin 4.2.3
Phppgadmin Phppgadmin 3.5
Phppgadmin Phppgadmin 4.1.1
Phppgadmin Phppgadmin 2.2.1
Phppgadmin Phppgadmin 2.2
Phppgadmin Phppgadmin 3.4
Phppgadmin Phppgadmin 3.3
Phppgadmin Phppgadmin 5.0.0
Phppgadmin Phppgadmin 5.0.1
4.3
CVSSv2
CVE-2014-1827
The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote malicious users to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.
Ithoughts Ithoughtshd 4.19
7.5
CVSSv2
CVE-2017-7886
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
4.3
CVSSv2
CVE-2017-7887
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
2.6
CVSSv2
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
5
CVSSv2
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr Dolibarr Erp\\/crm 4.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »