Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anchor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an malicious user to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
Savoirfairelinux Jami 20222284
NA
CVE-2023-49779
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
828
VMScore
CVE-2009-1708
Apple Safari prior to 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote malicious users to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
Apple Safari 3.0
Apple Safari 3.0.3
Apple Safari 1.1
Apple Safari 1.2
Apple Safari 3.2.1
Apple Safari 3.2.3
Apple Safari 1.0
Apple Safari 1.0.3
Apple Safari 2.0.2
Apple Safari 2.0.4
Apple Safari 3.0.4
Apple Safari 3.1.1
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari
Apple Safari 3.0.2
Apple Safari 3.1
Apple Safari 3.1.2
Apple Safari 0.8
Apple Safari 1.3.2
Apple Safari 2.0
Apple Safari 0.9
383
VMScore
CVE-2021-23411
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Anchorme Project Anchorme
445
VMScore
CVE-2008-4696
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera prior to 9.61 allows remote malicious users to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search ...
Opera Opera 9.20
Opera Opera 9.10
Opera Opera 9.02
Opera Opera 8.52
Opera Opera 8.51
Opera Opera 8.0
Opera Opera 7.54
Opera Opera 7.50
Opera Opera 7.21
Opera Opera 7.0
Opera Opera 7.03
Opera Opera 6.05
Opera Opera 6.04
Opera Opera 5.2
Opera Opera 5.1
Opera Opera 9.50
Opera Opera 9.51
Opera Opera
Opera Opera 9.21
Opera Opera 9.22
Opera Opera 9.01
Opera Opera 9.0
3 EDB exploits
641
VMScore
CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local malicious user to write a modified firmware image to the component. This vulnerability affects mul...
Cisco Asa 5500 Firmware
Cisco Firepower 2100 Firmware
Cisco Firepower 4000 Firmware
Cisco Firepower 9000 Firmware
Cisco Ons 15454 Mstp Firmware
Cisco Analog Voice Network Interface Modules Firmware
Cisco Integrated Services Router T1\\/e1 Voice And Wan Network Interface Modules Firmware
Cisco Supervisor A\\+ Firmware
Cisco Supervisor B\\+ Firmware
Cisco 15454-m-wse-k9 Firmware
Cisco Ios Xe
Cisco Ios
Cisco Industrial Security Appliances 3000 Firmware
Cisco Integrated Services Router 4200 Firmware
Cisco Integrated Services Router 4300 Firmware
Cisco Integrated Services Router 4400 Firmware
Cisco Asr 1000 Series Firmware
Cisco Asr 1001 Firmware 16.0.0
Cisco Ios Xr 7.0.1
Cisco Catalyst 9800-40 Wireless Controller Firmware -
Cisco Catalyst 9800-80 Wireless Controller Firmware -
Cisco Ic3000-k9 Firmware
2 Articles
445
VMScore
CVE-2008-4688
core/string_api.php in Mantis prior to 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote malicious users to discover an issue's title and status via a request with a modified issue number.
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
Mantis Mantis 1.1.2
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis 1.1.1
Mantis Mantis
668
VMScore
CVE-2012-6637
Apache Cordova 3.3.0 and previous versions and Adobe PhoneGap 2.9.0 and previous versions do not anchor the end of domain-name regular expressions, which allows remote malicious users to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as...
Apache Cordova 3.3.0
Apache Cordova 3.2.0
Apache Cordova
Apache Cordova 3.0.0
Apache Cordova 3.1.0
Adobe Phonegap 2.0.0
Adobe Phonegap 2.1.0
Adobe Phonegap 2.7.0
Adobe Phonegap 2.2.0
Adobe Phonegap 2.3.0
Adobe Phonegap 2.5.0
Adobe Phonegap 2.6.0
Adobe Phonegap 2.9.0
Adobe Phonegap 2.4.0
Adobe Phonegap
Adobe Phonegap 2.8.0
Adobe Phonegap 2.8.1
383
VMScore
CVE-2013-4997
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x prior to 3.5.8.2 allow remote malicious users to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart titl...
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 3.5.6
Phpmyadmin Phpmyadmin 3.5.0.0
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 3.5.8
Phpmyadmin Phpmyadmin 3.5.5
Phpmyadmin Phpmyadmin 3.5.4
Phpmyadmin Phpmyadmin 3.5.7
Phpmyadmin Phpmyadmin 3.5.3.0
Phpmyadmin Phpmyadmin 3.5.8.1
383
VMScore
CVE-2021-38377
OX App Suite up to and including 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
Open-xchange Ox App Suite
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »