Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-link vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-5243
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
Huawei Hg255s Firmware -
6.1
CVSSv3
CVE-2019-11928
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
Whatsapp Whatsapp Desktop
2 Articles
7.2
CVSSv3
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
Thinkcmf Thinkcmf X2.2.2
6.1
CVSSv3
CVE-2022-0250
The Redirection for Contact Form 7 WordPress plugin prior to 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
Redirection-for-contact-form7 Redirection For Contact Form 7
NA
CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote malicious users to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server 3.0.1
1 EDB exploit
5.4
CVSSv3
CVE-2022-37429
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Silverstripe Framework
6.1
CVSSv3
CVE-2020-28150
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
Inetsoftware I-net Clear Reports 20.10.136
6.1
CVSSv3
CVE-2021-20994
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Wago 0852-0303 Firmware
Wago 0852-1305 Firmware
Wago 0852-1505 Firmware
Wago 0852-1305\\/000-001 Firmware
Wago 0852-1505\\/000-001 Firmware
NA
CVE-2012-6130
Cross-site scripting (XSS) vulnerability in the history display in Roundup prior to 1.4.20 allows remote malicious users to inject arbitrary web script or HTML via a username, related to generating a link.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.10
Roundup-tracker Roundup 1.4.17
Roundup-tracker Roundup 1.4.18
Roundup-tracker Roundup
Roundup-tracker Roundup 1.4.8
Roundup-tracker Roundup 1.4.9
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.4.15
Roundup-tracker Roundup 1.4.16
Roundup-tracker Roundup 1.4.6
Roundup-tracker Roundup 1.4.7
Roundup-tracker Roundup 1.4.13
Roundup-tracker Roundup 1.4.14
Roundup-tracker Roundup 1.4.4
Roundup-tracker Roundup 1.4.5
Roundup-tracker Roundup 1.4.11
Roundup-tracker Roundup 1.4.12
Roundup-tracker Roundup 1.4.2
Roundup-tracker Roundup 1.4.3
7.8
CVSSv3
CVE-2022-34893
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.
Trendmicro Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »