Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
inject vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-37860
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP....
Mattermost Mattermost
6.5
CVSSv3
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf....
Znc Znc
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2018-1132
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final...
Opendaylight Sdninterfaceapp
6.1
CVSSv3
CVE-2016-5147
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."...
Google Chrome
1 Article available
6.1
CVSSv3
CVE-2016-3113
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML....
Redhat Ovirt-engine -
1 Github repository available
8.8
CVSSv3
CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL....
Cantata Project Cantata
5.3
CVSSv3
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2....
Mozilla Thunderbird
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Aus 7.3
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
1 Article available
5.4
CVSSv3
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL....
Phpmyadmin Phpmyadmin
2 Github repositories available
NA
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Elasticsearch Elasticsearch
NA
CVE-2015-0881
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response....
Squid-cache Squid
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-34595
CVE-2022-23713
CVE-2022-21786
hard-coded
remote attackers
cross-site request forgery
CVE-2022-2274
CVE-2021-37839
CVE-2022-26135
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »