Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin prior to 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Phpmyadmin Phpmyadmin
4.3
CVSSv2
CVE-2014-6027
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote malicious users to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web s...
Torrentflux Project Torrentflux 2.4
4.3
CVSSv2
CVE-2007-4064
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.2, and 4.7.x prior to 4.7.7, (1) allow remote malicious users to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administ...
Drupal Drupal 4.7.4
Drupal Drupal 4.7.5
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Drupal 4.7.2
Drupal Drupal 4.7.3
Drupal Drupal 4.7
Drupal Drupal 4.7.6
Drupal Drupal 4.7 Rev1.15
6
CVSSv2
CVE-2021-37131
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can...
Huawei Manageone 6.5.1
Huawei Manageone 6.5.1.1
Huawei Manageone 8.0.0
Huawei Manageone 8.0.1
Huawei Imanager Neteco V600r010c00cp2001
Huawei Imanager Neteco V600r010c00cp2002
Huawei Imanager Neteco V600r010c00cp3001
Huawei Imanager Neteco V600r010c00cp3002
Huawei Imanager Neteco V600r010c00cp3101
Huawei Imanager Neteco V600r010c00cp3102
Huawei Imanager Neteco V600r010c00spc100
Huawei Imanager Neteco V600r010c00spc110
Huawei Imanager Neteco V600r010c00spc120
Huawei Imanager Neteco V600r010c00spc200
Huawei Imanager Neteco V600r010c00spc210
Huawei Imanager Neteco V600r010c00spc300
Huawei Imanager Neteco V600r010c00spc310
Huawei Imanager Neteco 6000 V600r009c00cp2201
Huawei Imanager Neteco 6000 V600r009c00cp2301
Huawei Imanager Neteco 6000 V600r009c00spc100
Huawei Imanager Neteco 6000 V600r009c00spc110
Huawei Imanager Neteco 6000 V600r009c00spc120
4.3
CVSSv2
CVE-2006-6223
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
Google Mini Search Appliance
Google Search Appliance
4.3
CVSSv2
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch prior to 1.4.0.Beta1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Elasticsearch Elasticsearch
NA
CVE-2022-37027
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX ser...
Ahsay Cloud Backup Suite 9.1.4.0
5
CVSSv2
CVE-2017-8812
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows remote malicious users to inject > (greater than) characters via the id attribute of a headline.
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2016-4841
Cybozu Mailwise prior to 5.4.0 allows remote malicious users to inject arbitrary email headers.
Cybozu Mailwise 5.0.5
Cybozu Mailwise 5.1.0
Cybozu Mailwise 5.3.1
Cybozu Mailwise 5.0.0
Cybozu Mailwise 5.0.1
Cybozu Mailwise 5.0.4
Cybozu Mailwise 5.1.2
Cybozu Mailwise 5.1.4
Cybozu Mailwise 5.2.0
Cybozu Mailwise 5.2.1
Cybozu Mailwise 5.0.6
Cybozu Mailwise 5.1.1
Cybozu Mailwise 5.3.0
Cybozu Mailwise 5.3.2
NA
CVE-2022-47877
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.
Jedox Jedox 2020.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »