Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function....
Apple
Cups
4.3
CVSSv2
CVE-2014-0141
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3....
Redhat
Satellite
2 Github repositories available
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache
Struts
4.3
CVSSv2
CVE-2014-3653
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template....
Theforeman
Foreman
4.3
CVSSv2
CVE-2017-1000188
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection...
Ejs
2 Github repositories available
4.3
CVSSv2
CVE-2020-3867
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...
Apple
Icloud
Itunes
Safari
Ipados
Iphone Os
Tvos
Opensuse
Leap
4.3
CVSSv2
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection....
Doxygen
7.5
CVSSv2
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message....
Acme Labs
Thttpd
1 EDB exploit available
3.5
CVSSv2
CVE-2019-10383
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages....
Jenkins
4.3
CVSSv2
CVE-2008-3821
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI....
Cisco
Ios
1 EDB exploit available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
server-side request forgery
CVE-2020-2218
CVE-2020-12828
CVE-2020-11074
prestashop
ibm
CVE-2019-4676
opensis
wireless
CVE-2019-15312
CVE-2019-19781
security identity manager virtual appliance
hardcoded
1
2
3
4
5
NEXT »
Vulmon