Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-1825
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 up to and including 6.3.4.10 allow remote malicious users to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass a...
Forescout Counteract 6.3.4.10
Forescout Counteract 6.3.3.2
6.1
CVSSv3
CVE-2019-11559
A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote malicious users to inject arbitrary web script or HTML via the URL parameter to the Login component.
Hrworks Hrworks 1.16.1
NA
CVE-2018-17864
SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
6.1
CVSSv3
CVE-2019-9909
The "Donation Plugin and Fundraising Platform" plugin prior to 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
Givewp Givewp
NA
CVE-2024-27140
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixe...
NA
CVE-2010-2914
Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Nessus Web Server Plugin 1.2.4
NA
CVE-2013-5911
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 up to and including 4.7 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Tenable Securitycenter 4.6
Tenable Securitycenter 4.7
6.1
CVSSv3
CVE-2017-0378
XSS exists in the login_form function in views/helpers.php in Phamm prior to 0.6.7, exploitable via the PATH_INFO to main.php.
Phamm Phamm
6.1
CVSSv3
CVE-2018-12996
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager prior to 13 (Build 13800) allows remote malicious users to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Zohocorp Manageengine Applications Manager
6.1
CVSSv3
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »