Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ishaq mohammed vulnerabilities and exploits
(subscribe to this query)
355
VMScore
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and previous versions allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Jenkins Dependency Graph Viewer
1 EDB exploit
435
VMScore
CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS prior to 4.0.0-beta.7 via the Contact Us feature.
Keystonejs Keystone
1 EDB exploit
685
VMScore
CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS prior to 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Keystonejs Keystone
1 EDB exploit
435
VMScore
CVE-2019-6804
An XSS issue exists on the Job Edit page in Rundeck Community Edition prior to 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
Pagerduty Rundeck
1 EDB exploit
NA
CVE-2019-68042
Rundeck Community Edition versions prior to 3.0.13 suffer from a cross site scripting vulnerability.
355
VMScore
CVE-2017-16807
A cross-site Scripting (XSS) vulnerability in Kirby Panel prior to 2.3.3, 2.4.x prior to 2.4.2, and 2.5.x prior to 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Getkirby Panel
1 EDB exploit
NA
CVE-2017-168071
KirbyCMS versions prior to 2.5.7 suffer from a persistent cross site scripting vulnerability.
NA
CVE-2019-103492
Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.
355
VMScore
CVE-2017-14618
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ up to and including 2.9.8 allows remote malicious users to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
Phpmyfaq Phpmyfaq
1 EDB exploit
355
VMScore
CVE-2017-15284
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
Octobercms October 1.0.425
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »