Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web gateway vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1611
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Symantec Brightmail Gateway 9.5
Symantec Brightmail Gateway 9.5.1
6.1
CVSSv3
CVE-2020-8245
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 prior to 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 prior to 12.1-58.15, Citrix ADC 12.1-FIPS prior to 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 prior to 11.1-65...
Citrix Application Delivery Controller Firmware
Citrix Gateway
Citrix Netscaler Gateway
6.1
CVSSv3
CVE-2021-39308
The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 3.0.
Woo-myghpay-payment-gateway Project Woo-myghpay-payment-gateway
7.5
CVSSv3
CVE-2004-2397
The web-based Management Console in Blue Coat Security Gateway OS 3.0 up to and including 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows malicious users to steal digital certificates.
Broadcom Bluecoat Security Gateway 3.2.1
Broadcom Bluecoat Security Gateway
6.1
CVSSv3
CVE-2019-9696
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable malicious users to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used...
Symantec Vip Enterprise Gateway
Symantec Vip Enterprise Gateway 9.7
NA
CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin prior to 0.1.6.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
Woocommerce Sagepay Direct Payment Gateway Project Woocommerce Sagepay Direct Payment Gateway
9.8
CVSSv3
CVE-2019-9169
In the GNU C Library (aka glibc or libc6) up to and including 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Gnu Glibc
Netapp Steelstore Cloud Integrated Storage -
Netapp Ontap Select Deploy Administration Utility -
Netapp Cloud Backup
Mcafee Web Gateway
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
NA
CVE-2008-3082
Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote malicious users to inject arbitrary web script or HTML via the PARAMS parameter.
Commtouch Enterprise Anti-spam Gateway 4
Commtouch Enterprise Anti-spam Gateway 5
6.1
CVSSv3
CVE-2016-6359
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote malicious users to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817.
Cisco Transport Gateway Installation Software 4.1\\(4.0\\)
9.1
CVSSv3
CVE-2021-46825
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy...
Broadcom Advanced Secure Gateway 6.7
Broadcom Proxysg 6.7
Broadcom Proxysg 7.3
Broadcom Advanced Secure Gateway 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »