Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netsparker.com vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-6280
Multiple cross-site scripting (XSS) vulnerabilities in OSClass prior to 3.4.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/i...
Osclass Osclass
Osclass Osclass 3.4.0
383
VMScore
CVE-2019-9838
VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering.
Vfront Vfront 0.99.5
383
VMScore
CVE-2019-9839
VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter.
Vfront Vfront 0.99.5
383
VMScore
CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Impresscms Impresscms 1.3.10
383
VMScore
CVE-2019-8349
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.
Htmly Htmly 2.7.4
383
VMScore
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and previous versions for jQuery allows remote malicious users to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Sprymedia Datatables
383
VMScore
CVE-2018-19414
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
Plikli Plikli Cms 4.0.0
383
VMScore
CVE-2014-7183
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Litecart Litecart
605
VMScore
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
Micropyramid Django Crm 0.2.1
516
VMScore
CVE-2018-14474
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
Goodoldweb Orange Forum 1.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »