Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-link vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
Thinkcmf Thinkcmf X2.2.2
4.3
CVSSv3
CVE-2019-5243
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
Huawei Hg255s Firmware -
6.1
CVSSv3
CVE-2019-11928
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
Whatsapp Whatsapp Desktop
2 Articles
6.1
CVSSv3
CVE-2022-0250
The Redirection for Contact Form 7 WordPress plugin prior to 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
Redirection-for-contact-form7 Redirection For Contact Form 7
5.4
CVSSv3
CVE-2022-37429
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Silverstripe Framework
6.1
CVSSv3
CVE-2021-20994
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Wago 0852-0303 Firmware
Wago 0852-1305 Firmware
Wago 0852-1505 Firmware
Wago 0852-1305\\/000-001 Firmware
Wago 0852-1505\\/000-001 Firmware
6.1
CVSSv3
CVE-2020-28150
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
Inetsoftware I-net Clear Reports 20.10.136
NA
CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote malicious users to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server 3.0.1
1 EDB exploit
6.1
CVSSv3
CVE-2021-34364
The Refined GitHub browser extension prior to 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.
Refined-github Project Refined-github
NA
CVE-2002-0731
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote malicious users to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
Vqsoft Vqserver 1.9
Vqsoft Vqserver 1.9.30
Vqsoft Vqserver 1.9.47
Vqsoft Vqserver 1.9.55
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »