Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28853
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote malicious user to execute code via a crafted payload to serval parameters in the post request of /preferences.php?ac...
NA
CVE-2024-27091
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to ret...
NA
CVE-2024-27300
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only...
NA
CVE-2024-29184
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and i...
NA
CVE-2024-2726
Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an malicious user to execute and store malicious javascript code in the application form without prior registration.
NA
CVE-2024-29273
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.
NA
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated malicious users to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
NA
CVE-2024-29469
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.
NA
CVE-2024-29470
OneBlog v2.3.4 exists to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
5.4
CVSSv3
CVE-2024-29471
OneBlog v2.3.4 exists to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
Zhyd Oneblog 2.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »