Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-35959
In Plone 5.0 up to and including 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Plone Plone
4.3
CVSSv2
CVE-2008-0180
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Liferay Liferay Enterprise Portal 3.6.1
Liferay Liferay Enterprise Portal 4.3.1
Liferay Liferay Enterprise Portal 2.1.0
Liferay Liferay Enterprise Portal
Liferay Liferay Enterprise Portal 2.1.1
Liferay Liferay Enterprise Portal 1.0
Liferay Liferay Enterprise Portal 2.2.0
Liferay Liferay Enterprise Portal 4.1.3
Liferay Liferay Enterprise Portal 4.1
Liferay Liferay Enterprise Portal 2.0
Liferay Liferay Enterprise Portal 4.3.6
Liferay Liferay Enterprise Portal 4.1.1
NA
CVE-2015-8503
SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker ...
4.3
CVSSv2
CVE-2019-10070
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality
Apache Atlas 1.1.0
Apache Atlas 0.8.3
4.3
CVSSv2
CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
Apache Ambari
5.5
CVSSv2
CVE-2019-0213
In Apache Archiva prior to 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the brow...
Apache Archiva
4.3
CVSSv2
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
Pfsense Pfsense 2.5.0
4.3
CVSSv2
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
Dokuwiki Dokuwiki
4.3
CVSSv2
CVE-2019-12299
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.
Sandline Centraleyezer -
NA
CVE-2023-43701
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issu...
Apache Superset
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »