Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote m...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
6.1
CVSSv3
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Wordpress Wordpress
Plupload Plupload
4 Github repositories
6.1
CVSSv3
CVE-2019-9575
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
Quizandsurveymaster Quiz And Survey Master 6.0.4
6.1
CVSSv3
CVE-2018-20806
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
Phamm Phamm 0.6.8
6.1
CVSSv3
CVE-2023-36163
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote malicious user to execute arbitrary code via a crafted script to the mc parameter of the URL.
Buildagate Project Buildagate 5
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-17533
Teltonika RUT9XX routers with firmware prior to 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Teltonika Rut900 Firmware
Teltonika Rut950 Firmware
Teltonika Rut955 Firmware
6.1
CVSSv3
CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin prior to 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Heator Social Share\\, Social Login And Social Comments
1 EDB exploit
5.4
CVSSv3
CVE-2021-3052
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based malicious user to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in t...
Paloaltonetworks Pan-os
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
6.1
CVSSv3
CVE-2020-29303
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote malicious users to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter contain...
Directoriespro Directories Pro 1.3.45
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »