Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netsparker.com vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-8349
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.
Htmly Htmly 2.7.4
NA
CVE-2020-995566
BigtreeCMS version 4.4.11 suffers from a cross site scripting vulnerability.
8.8
CVSSv3
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
Micropyramid Django Crm 0.2.1
NA
CVE-2014-6280
Multiple cross-site scripting (XSS) vulnerabilities in OSClass prior to 3.4.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/i...
Osclass Osclass
Osclass Osclass 3.4.0
6.1
CVSSv3
CVE-2018-20140
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
Zenphoto Zenphoto 1.4.14
6.1
CVSSv3
CVE-2018-20141
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
Abantecart Abantecart 1.2.12
6.1
CVSSv3
CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Impresscms Impresscms 1.3.10
NA
CVE-2015-6238
Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin prior to 6.4.9.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_do...
Sumome Google Analyticator
6.1
CVSSv3
CVE-2019-7324
app/Core/Paginator.php in Kanboard prior to 1.2.8 has XSS in pagination sorting.
Kanboard Kanboard
6.1
CVSSv3
CVE-2018-19414
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
Plikli Plikli Cms 4.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »