Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

inject vulnerabilities and exploits

(subscribe to this query)

6.1
CVSSv3
CVE-2021-37860
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP....
Mattermost Mattermost
6.5
CVSSv3
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf....
Znc ZncDebian Debian Linux 9.0
9.8
CVSSv3
CVE-2018-1132
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final...
Opendaylight Sdninterfaceapp
6.1
CVSSv3
CVE-2016-5147
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."...
Google Chrome
6.1
CVSSv3
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML....
Redhat Ovirt-engine -
8.8
CVSSv3
CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL....
Cantata Project Cantata
5.3
CVSSv3
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2....
Mozilla ThunderbirdRedhat Enterprise Linux 6.0Redhat Enterprise Linux Server Eus 7.5Redhat Enterprise Linux Server Eus 7.3Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server Eus 7.4Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux 7.0Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Aus 7.3Debian Debian Linux 9.0Debian Debian Linux 7.0Debian Debian Linux 8.0
5.4
CVSSv3
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL....
Phpmyadmin Phpmyadmin
NA
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Elasticsearch Elasticsearch
NA
CVE-2015-0881
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response....
Squid-cache Squid
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-34595CVE-2022-23713CVE-2022-21786hard-codedremote attackerscross-site request forgeryCVE-2022-2274CVE-2021-37839CVE-2022-26135
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook