Vulmon
xss vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-21169
The package express-xss-sanitizer prior to 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing a malicious user to bypass XSS sanitization.
Express Xss Sanitizer Project Express Xss Sanitizer
9.8
CVSSv3
CVE-2021-41317
XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.
Xss Hunter Express Project Xss Hunter Express
6.1
CVSSv3
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
NA
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.2
NA
CVE-2010-1648
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.2
NA
CVE-2011-0790
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
Sun Sunos 5.10
Sun Sunos 5.9
NA
CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins prior to 1.438, and 1.409 LTS prior to 1.409.3 LTS, when a stand-alone container is used, allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.
Jenkins Jenkins 1.409.1
Jenkins Jenkins 1.409.2
Jenkins Jenkins
NA
CVE-2010-2491
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.
Roundup-tracker Roundup 0.5.2
Roundup-tracker Roundup 0.6.1
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.5.8
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.3
Roundup-tracker Roundup 0.7.9
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 1.3.3
Roundup-tracker Roundup 0.6.0
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 1.0.1
Roundup-tracker Roundup 1.4.7
Roundup-tracker Roundup 0.7.4
Roundup-tracker Roundup 1.3.2
Roundup-tracker Roundup 0.7.7
Roundup-tracker Roundup 0.1.0
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.6.5
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.6.3
NA
CVE-2007-0857
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin prior to 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
Moinmoin Moinmoin 1.5.5a
Moinmoin Moinmoin 1.5.2
Moinmoin Moinmoin 1.5.5 Rc1
Moinmoin Moinmoin 1.5.0
Moinmoin Moinmoin 1.5.3 Rc1
Moinmoin Moinmoin 1.5.3 Rc2
Moinmoin Moinmoin 1.5.1
Moinmoin Moinmoin 1.5.4
Moinmoin Moinmoin 1.5.5
Moinmoin Moinmoin
Moinmoin Moinmoin 1.5.3
6.1
CVSSv3
CVE-2015-4707
Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Ipython Ipython