Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2018-5479
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for malicious users to steal sessions of...
Foxsash Imghosting 1.5
1 EDB exploit
435
VMScore
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
355
VMScore
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow an malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
435
VMScore
CVE-2016-3411
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration prior to 8.7.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
Synacor Zimbra Collaboration Suite
1 EDB exploit
435
VMScore
CVE-2019-11564
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote malicious users to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
Humhub Humhub 1.3.12
1 EDB exploit
435
VMScore
CVE-2018-15596
An issue exists in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren...
Mybb Mybb 1.8.17
1 EDB exploit
435
VMScore
CVE-2018-17832
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
Wuzhicms Wuzhi Cms 2.0
1 EDB exploit
355
VMScore
CVE-2018-11512
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted we...
Creatiwity Witycms 0.6.1
1 EDB exploit
435
VMScore
CVE-2019-17220
Rocket.Chat prior to 2.1.0 allows XSS via a URL on a ![title] line.
Rocket.chat Rocket.chat
1 EDB exploit
355
VMScore
CVE-2019-16173
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
Limesurvey Limesurvey
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »