Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2023_46805
Penetration testing of https://ris.ucll.be/ Tools used Nmap It looks like the host is running on Azure since the ports are open by default 1221 and 8172. This is also indicated by the fingerprint Microsoft Azure Web App. The Python webserver being used is Gunicorn, it is a Unix b...
1 Github repository
7.2
CVSSv3
CVE-2024-22107
An issue exists in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attac...
Gttb Gtb Central Console 15.17.1-30814.ng
9.8
CVSSv3
CVE-2024-22108
An issue exists in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known v...
Gttb Gtb Central Console 15.17.1-30814.ng
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
5.4
CVSSv3
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an malicious user to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-5858
Inappropriate implementation in WebApp Provider in Google Chrome before 119.0.6045.105 allowed a remote malicious user to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Google Chrome
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
4.6
CVSSv3
CVE-2023-4892
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
Sismics Teedy 1.11
9.1
CVSSv3
CVE-2023-42454
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions before 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable), with the web_root is the ...
Lovasoa Sqlpage
4.3
CVSSv3
CVE-2023-3733
Inappropriate implementation in WebApp Installs in Google Chrome before 115.0.5790.98 allowed a remote malicious user to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome
9.8
CVSSv3
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows malicious user to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contain...
Apache Jackrabbit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »