reflected xss vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-17862
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote malicious users to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Sap J2ee Engine 7.01
4.3
CVSSv2
CVE-2020-28859
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Openasset Digital Asset Management
4.3
CVSSv2
CVE-2020-11727
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.
Algolplus Advanced Order Export 3.1.3
3.5
CVSSv2
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Zohocorp Manageengine Servicedesk Plus
4.3
CVSSv2
CVE-2017-6761
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerab...
Cisco Finesse 11.5(1)
Cisco Finesse 10.6(1)
4.3
CVSSv2
CVE-2013-6229
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResu...
Atmail Atmail 7.0.2
3 EDB exploits
3.5
CVSSv2
CVE-2019-19390
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.
Matrix42 Workspace Management
3.5
CVSSv2
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
Cubecart Cubecart 6.2.2
3.5
CVSSv2
CVE-2017-6605
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. ...
Cisco Identity Services Engine 2.1(0.800)
3.5
CVSSv2
CVE-2018-1002003
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit