Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
NA
CVE-2008-5891
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Injader Injader 2.0.2
Injader Injader
Injader Injader 2.1.0
Injader Injader 2.0.3
Injader Injader 1.6.1
1 EDB exploit
NA
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Tornadostore Tornadostore
1 EDB exploit
6.1
CVSSv3
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2
1 EDB exploit
6.1
CVSSv3
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote malicious users to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data...
Salicru Slc-20-cube3\\(5\\) Cs121-snmp 4.54.82.130611
1 EDB exploit
6.1
CVSSv3
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
NA
CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke prior to 3.3.5, and 4.x prior to 4.3.5, allows remote malicious users to inject arbitrary HTML via the error parameter.
Dotnetnuke Dotnetnuke 2.1.1
Dotnetnuke Dotnetnuke 1.0.10e
Dotnetnuke Dotnetnuke 1.0.10d
Dotnetnuke Dotnetnuke 1.0.7
Dotnetnuke Dotnetnuke 1.0.8
Dotnetnuke Dotnetnuke 1.0.6
Dotnetnuke Dotnetnuke 1.0.9
Dotnetnuke Dotnetnuke 3.0.8
Dotnetnuke Dotnetnuke 2.1.2
Dotnetnuke Dotnetnuke 4.0
Dotnetnuke Dotnetnuke 3.0.7
Dotnetnuke Dotnetnuke 3.1.0
1 EDB exploit
5.4
CVSSv3
CVE-2019-13068
public/app/features/panel/panel_ctrl.ts in Grafana prior to 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Grafana Grafana
NA
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB prior to 1.20 allows remote malicious users to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Phpgb Phpgb 1.10
1 EDB exploit
NA
CVE-2004-2625
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote malicious users to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
Outblaze Outblaze Email
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »