Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-8738
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
Airties 5444 Firmware 1.0.0.18
Airties 5444tt Firmware 1.0.0.18
1 EDB exploit
NA
CVE-2012-1417
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
Yealink Gigabit Color Ip Phone Sip-t32g -
Yealink Ip Phone Sip-t28p -
Yealink W52p -
Yealink Ultra-elegant Ip Phone Sip-t41p -
Yealink Gigabit Color Ip Phone Sip-t38g -
Yealink Ip Phone Sip-t19p -
Yealink Ip Video Phone Vp530 -
Yealink Ultra-elegant Ip Phone Sip-t46g -
Yealink Ultra-elegant Ip Phone Sip-t42g -
Yealink Ip Phone Sip-t21p -
Yealink Ip Phone Sip-t20p -
Yealink Ultra-elegant Ip Phone Sip-t48g -
Yealink Ip Phone Sip-t26p -
Yealink Ip Phone Sip-t22p -
1 EDB exploit
NA
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote malicious users to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter t...
Bitweaver Bitweaver 1.1
Bitweaver Bitweaver 1.1.1 Beta
5 EDB exploits
NA
CVE-2007-0364
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (...
Nicecoder Indexu 5.0.1
Nicecoder Indexu
Nicecoder Indexu 5.0
12 EDB exploits
NA
CVE-2004-0067
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65 allow remote malicious users to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, ...
Phpgedview Phpgedview
14 EDB exploits
NA
CVE-2010-1482
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) prior to 1.7.1 might allow remote malicious users to inject arbitrary web script or HTML via the date_format_string parameter.
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 0.10
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.3
Cmsmadesimple Cms Made Simple 1.0.7
Cmsmadesimple Cms Made Simple 1.0.4
Cmsmadesimple Cms Made Simple 0.11.1
Cmsmadesimple Cms Made Simple 0.10.4
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 0.11
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.3
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.6.4
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.6.2
Cmsmadesimple Cms Made Simple 1.6.1
NA
CVE-2014-8773
MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
Modx Modx Revolution 2.0.4
1 EDB exploit
NA
CVE-2014-8774
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to inject arbitrary web script or HTML via the context_key parameter.
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.2
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.5
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.5
1 EDB exploit
NA
CVE-2014-8775
MODX Revolution 2.x prior to 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.12
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
1 EDB exploit
NA
CVE-2006-6929
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to repl...
Ga Soft Rapid Classified 3.1
4 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »