Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2006-5958
Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote malicious users to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
Infinicart Infinicart
3 EDB exploits
4.3
CVSSv2
CVE-2006-5190
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currenci...
Oscommerce Oscommerce 2.2 Cvs
Oscommerce Oscommerce 2.2 Ms1
Oscommerce Oscommerce 1.13
Oscommerce Oscommerce 1.5.1
Oscommerce Oscommerce 2.1
Oscommerce Oscommerce 1.11
Oscommerce Oscommerce 1.12
Oscommerce Oscommerce
Oscommerce Oscommerce 1.1
Oscommerce Oscommerce 2.2 Ms2
Oscommerce Oscommerce 2.2 Ms3
17 EDB exploits
7.5
CVSSv2
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote malicious users to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter t...
Bitweaver Bitweaver 1.1
Bitweaver Bitweaver 1.1.1 Beta
5 EDB exploits
4.3
CVSSv2
CVE-2010-1482
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) prior to 1.7.1 might allow remote malicious users to inject arbitrary web script or HTML via the date_format_string parameter.
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 0.10
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.3
Cmsmadesimple Cms Made Simple 1.0.7
Cmsmadesimple Cms Made Simple 1.0.4
Cmsmadesimple Cms Made Simple 0.11.1
Cmsmadesimple Cms Made Simple 0.10.4
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 0.11
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.3
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.6.4
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.6.2
Cmsmadesimple Cms Made Simple 1.6.1
6.8
CVSSv2
CVE-2014-8773
MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
Modx Modx Revolution 2.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2014-8774
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to inject arbitrary web script or HTML via the context_key parameter.
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.2
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.5
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.5
1 EDB exploit
5
CVSSv2
CVE-2014-8775
MODX Revolution 2.x prior to 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.12
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2004-0067
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65 allow remote malicious users to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, ...
Phpgedview Phpgedview
14 EDB exploits
4.3
CVSSv2
CVE-2007-0364
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (...
Nicecoder Indexu 5.0.1
Nicecoder Indexu
Nicecoder Indexu 5.0
12 EDB exploits
4.3
CVSSv2
CVE-2009-2882
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote malicious users to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to se...
Datingpro Matchmaking
4 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »