Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-35959
In Plone 5.0 up to and including 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Plone Plone
NA
CVE-2008-0180
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Liferay Liferay Enterprise Portal 2.2.0
Liferay Liferay Enterprise Portal 3.6.1
Liferay Liferay Enterprise Portal 4.1
Liferay Liferay Enterprise Portal 4.1.1
Liferay Liferay Enterprise Portal
Liferay Liferay Enterprise Portal 1.0
Liferay Liferay Enterprise Portal 2.1.0
Liferay Liferay Enterprise Portal 4.3.1
Liferay Liferay Enterprise Portal 2.0
Liferay Liferay Enterprise Portal 2.1.1
Liferay Liferay Enterprise Portal 4.1.3
Liferay Liferay Enterprise Portal 4.3.6
NA
CVE-2015-8503
SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker ...
6.1
CVSSv3
CVE-2019-10070
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality
Apache Atlas 1.1.0
Apache Atlas 0.8.3
6.1
CVSSv3
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
6.5
CVSSv3
CVE-2019-0213
In Apache Archiva prior to 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the brow...
Apache Archiva
6.1
CVSSv3
CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
Apache Ambari
6.1
CVSSv3
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2019-12299
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.
Sandline Centraleyezer -
5.4
CVSSv3
CVE-2023-43701
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issu...
Apache Superset
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »