Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-11845
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Ricoh Sp 4510dn Firmware -
5.4
CVSSv3
CVE-2017-6782
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote malicious user to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the af...
Cisco Prime Infrastructure 3.2\\(0.0\\)
NA
CVE-2009-3718
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to execute arbitrary SQL commands via the UserName parameter.
Davethewebguy Battle Blog 1.30
Davethewebguy Battle Blog 1.25
1 EDB exploit
NA
CVE-2009-3719
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Davethewebguy Battle Blog 1.25
Davethewebguy Battle Blog 1.30
1 EDB exploit
5.4
CVSSv3
CVE-2023-48825
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Phpjabbers Availability Booking Calendar 5.0
4.8
CVSSv3
CVE-2023-3184
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username l...
Sales Tracker Management System Project Sales Tracker Management System 1.0
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
NA
CVE-2004-2475
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote malicious users to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross pr...
Google Toolbar 1.1.42
Google Toolbar 1.1.43
Google Toolbar 1.1.54
Google Toolbar 1.1.55
Google Toolbar 2.0.114.1
Google Toolbar 1.1.47
Google Toolbar 1.1.48
Google Toolbar 1.1.58
Google Toolbar 1.1.59
Google Toolbar 1.1.44
Google Toolbar 1.1.45
Google Toolbar 1.1.56
Google Toolbar 1.1.57
Google Toolbar 1.1.41
Google Toolbar 1.1.49
Google Toolbar 1.1.53
Google Toolbar 1.1.60
1 EDB exploit
NA
CVE-2004-2514
Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote malicious users to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.
Powerportal Powerportal 1.1b
Powerportal Powerportal 1.3
Powerportal Powerportal 1.3b
1 EDB exploit
NA
CVE-2007-0768
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and previous versions allow user-assisted remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG elem...
Yahoo Messenger
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »