Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-4064
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.2, and 4.7.x prior to 4.7.7, (1) allow remote malicious users to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administ...
Drupal Drupal 4.7.4
Drupal Drupal 4.7.5
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Drupal 4.7.2
Drupal Drupal 4.7.3
Drupal Drupal 4.7
Drupal Drupal 4.7.6
Drupal Drupal 4.7 Rev1.15
4.3
CVSSv2
CVE-2014-6027
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote malicious users to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web s...
Torrentflux Project Torrentflux 2.4
6
CVSSv2
CVE-2021-37131
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can...
Huawei Manageone 6.5.1
Huawei Manageone 6.5.1.1
Huawei Manageone 8.0.0
Huawei Manageone 8.0.1
Huawei Imanager Neteco V600r010c00cp2001
Huawei Imanager Neteco V600r010c00cp2002
Huawei Imanager Neteco V600r010c00cp3001
Huawei Imanager Neteco V600r010c00cp3002
Huawei Imanager Neteco V600r010c00cp3101
Huawei Imanager Neteco V600r010c00cp3102
Huawei Imanager Neteco V600r010c00spc100
Huawei Imanager Neteco V600r010c00spc110
Huawei Imanager Neteco V600r010c00spc120
Huawei Imanager Neteco V600r010c00spc200
Huawei Imanager Neteco V600r010c00spc210
Huawei Imanager Neteco V600r010c00spc300
Huawei Imanager Neteco V600r010c00spc310
Huawei Imanager Neteco 6000 V600r009c00cp2201
Huawei Imanager Neteco 6000 V600r009c00cp2301
Huawei Imanager Neteco 6000 V600r009c00spc100
Huawei Imanager Neteco 6000 V600r009c00spc110
Huawei Imanager Neteco 6000 V600r009c00spc120
3.5
CVSSv2
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin prior to 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Phpmyadmin Phpmyadmin
NA
CVE-2022-37027
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX ser...
Ahsay Cloud Backup Suite 9.1.4.0
4.3
CVSSv2
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch prior to 1.4.0.Beta1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Elasticsearch Elasticsearch
5
CVSSv2
CVE-2017-8812
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows remote malicious users to inject > (greater than) characters via the id attribute of a headline.
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2006-6223
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
Google Mini Search Appliance
Google Search Appliance
6.8
CVSSv2
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin prior to 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (...
Jbmc Software Directadmin
4.3
CVSSv2
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »