Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri...
Prometheus Prometheus
Redhat Openshift Container Platform 3.11
6.1
CVSSv3
CVE-2017-12583
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
Dokuwiki Dokuwiki
4.8
CVSSv3
CVE-2023-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser w...
Paloaltonetworks Pan-os
NA
CVE-2024-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated admini...
4.8
CVSSv3
CVE-2022-2941
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on out...
Wp-useronline Project Wp-useronline
1 EDB exploit
5.4
CVSSv3
CVE-2022-20969
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An atta...
Cisco Umbrella 003.003\\(000\\)
6.1
CVSSv3
CVE-2020-25761
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive informatio...
Projectworlds Visitor Management System In Php 1.0
4.8
CVSSv3
CVE-2023-6789
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload e...
Paloaltonetworks Pan-os
7.5
CVSSv3
CVE-2018-15819
EasyIO EasyIO-30P devices prior to 2.0.5.27 have Incorrect Access Control, related to webuser.js.
Easyio Easyio 30p Firmware
6.1
CVSSv3
CVE-2018-15820
EasyIO EasyIO-30P devices prior to 2.0.5.27 allow XSS via the dev.htm GDN parameter.
Easyio Easyio 30p Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »