Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0007
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka...
Microsoft Anti-cross Site Scripting Library 3.1
Microsoft Anti-cross Site Scripting Library 4.0
1 EDB exploit available
6.1
CVSSv3
CVE-2020-13666
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions...
Drupal Drupal
NA
CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function....
Apple Cups 1.1.12
Apple Cups 1.1.13
Apple Cups 1.1.19
Apple Cups 1.1.20
Apple Cups 1.1.22
Apple Cups 1.1.5-2
Apple Cups 1.1.6
Apple Cups 1.1.6-1
Apple Cups 1.2
Apple Cups 1.2.11
Apple Cups 1.2.12
Apple Cups 1.2.9
Apple Cups 1.3
Apple Cups 1.3.2
Apple Cups 1.3.3
Apple Cups 1.4
Apple Cups 1.4.5
Apple Cups 1.4.6
Apple Cups 1.5.0
Apple Cups 1.5
Apple Cups 1.6
Apple Cups 1.1.1
Apple Cups 1.1.10
Apple Cups 1.1.16
Apple Cups 1.1.17
Apple Cups 1.1.2
Apple Cups 1.1.21
Apple Cups 1.1.3
Apple Cups 1.1.4
Apple Cups 1.1.7
Apple Cups 1.1.8
Apple Cups 1.2.0
Apple Cups 1.2.4
Apple Cups 1.2.5
Apple Cups 1.3.0
Apple Cups 1.3.1
Apple Cups 1.3.6
Apple Cups 1.3.7
Apple Cups 1.4.0
Apple Cups 1.4.1
Apple Cups 1.4.2
Apple Cups 1.5.4
Apple Cups 1.5.3
Apple Cups 1.6.4
Apple Cups 1.6.3
Apple Cups 1.7
Apple Cups 1.1
Apple Cups 1.1.14
Apple Cups 1.1.15
Apple Cups 1.1.23
Apple Cups 1.1.6-2
Apple Cups 1.1.6-3
Apple Cups 1.2.2
Apple Cups 1.2.3
Apple Cups 1.3.4
Apple Cups 1.3.5
Apple Cups 1.4.7
Apple Cups 1.4.8
Apple Cups 1.7.1
Apple Cups
Apple Cups 1.7.0
Apple Cups 1.1.10-1
Apple Cups 1.1.11
Apple Cups 1.1.18
Apple Cups 1.1.5
Apple Cups 1.1.5-1
Apple Cups 1.1.9
Apple Cups 1.1.9-1
Apple Cups 1.2.1
Apple Cups 1.2.10
Apple Cups 1.2.6
Apple Cups 1.2.7
Apple Cups 1.2.8
Apple Cups 1.3.10
Apple Cups 1.3.11
Apple Cups 1.3.8
Apple Cups 1.3.9
Apple Cups 1.4.3
Apple Cups 1.4.4
Apple Cups 1.5.2
Apple Cups 1.5.1
Apple Cups 1.6.2
Apple Cups 1.6.1
6.1
CVSSv3
CVE-2014-0141
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3....
Redhat Satellite 6.0.3
2 Github repositories available
6.1
CVSSv3
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache Struts
NA
CVE-2014-3653
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template....
Theforeman Foreman
5.4
CVSSv3
CVE-2021-41029
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...
Fortinet Fortiwlm
6.1
CVSSv3
CVE-2022-2217
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0....
Parse-url Project Parse-url
6.1
CVSSv3
CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions...
Drupal Drupal
6.1
CVSSv3
CVE-2020-3867
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...
Apple Icloud
Apple Itunes
Apple Safari
Apple Ipados
Apple Iphone Os
Apple Tvos
Opensuse Leap 15.1
Webkitgtk Webkitgtk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-34595
CVE-2022-23713
CVE-2022-21786
hard-coded
remote attackers
cross-site request forgery
CVE-2022-2274
CVE-2021-37839
CVE-2022-26135
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »