Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web frontend vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-2029
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote malicious users to obtain the database username and password via a direct request to the file.
Amarok Web Frontend 1.3
383
VMScore
CVE-2016-6846
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend prior to 7.6.2-rev59, 7.8.0 prior to 7.8.0-rev38, 7.8.2 prior to 7.8.2-rev8; AppSuite frontend prior to 7.6.2-rev47, 7.8.0 prior to 7.8.0-rev30, and 7.8.2 prior to 7.8.2-rev8; Office Web prior to 7.6.2...
Open-xchange Open-xchange Appsuite Frontend 7.6.2
Open-xchange Open-xchange Appsuite Backend 7.8.0
Open-xchange Open-xchange Appsuite Backend 7.8.2
Open-xchange Open-xchange Appsuite Backend 7.6.2
Open-xchange Office Web 7.8.0
Open-xchange Open-xchange Appsuite Frontend 7.8.0
Open-xchange Documentconverter-api 7.8.2
Open-xchange Office Web 7.8.2
Open-xchange Office Web 7.6.2
Open-xchange Open-xchange Appsuite Frontend 7.8.2
383
VMScore
CVE-2014-9444
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.
Frontend Uploader Project Frontend Uploader 0.9.2
NA
CVE-2023-29454
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the p...
Zabbix Frontend
NA
CVE-2023-29457
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...
Zabbix Frontend
NA
CVE-2023-29455
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of ma...
Zabbix Frontend
187
VMScore
CVE-2022-24918
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious co...
Zabbix Frontend
Zabbix Frontend 6.0.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
755
VMScore
CVE-2012-3448
Unspecified vulnerability in Ganglia Web prior to 3.5.1 allows remote malicious users to execute arbitrary PHP code via unknown attack vectors.
Ganglia Ganglia-web 3.3.1
Ganglia Ganglia-web 3.3.0
Ganglia Ganglia-web 2.1.2
Ganglia Ganglia-web 2.1.1
Ganglia Ganglia-web
Ganglia Ganglia-web 2.1.7
Ganglia Ganglia-web 2.1.6
Ganglia Ganglia-web 3.4.2
Ganglia Ganglia-web 3.4.1
Ganglia Ganglia-web 2.1.5
Ganglia Ganglia-web 2.1.3
Ganglia Ganglia-web 2.2.0
Ganglia Ganglia-web 2.1.8
Ganglia Ganglia-web 2.1.0
1 EDB exploit
187
VMScore
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed ...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
NA
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin prior to 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the...
Najeebmedia Frontend File Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »