Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated malicious users to modify the plu...
Wp Sticky Social Project Wp Sticky Social
1 EDB exploit
312
VMScore
CVE-2018-15426
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insuffici...
Cisco Unity Connection Vmo-11.5\\(1\\)
383
VMScore
CVE-2018-15406
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is...
Cisco Ucs Director 6.6
312
VMScore
CVE-2020-3464
A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based...
Cisco Ucs Director
383
VMScore
CVE-2017-6733
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More In...
Cisco Identity Services Engine 2.3\\(0.151\\)
Cisco Identity Services Engine 2.2\\(0.283\\)
Cisco Identity Services Engine 2.1\\(102.101\\)
445
VMScore
CVE-2019-8292
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
Online Store System Project Online Store System 1.0
NA
CVE-2023-20096
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote malicious user to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of use...
Cisco Unified Contact Center Express
312
VMScore
CVE-2020-3185
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to ...
Cisco Telepresence Management Suite
312
VMScore
CVE-2019-1777
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-...
Cisco Registered Envelope Service 5.3.4-027
312
VMScore
CVE-2022-20781
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. ...
Cisco Asyncos
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »