xss vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-41317
XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.
Xss Hunter Express Project Xss Hunter Express
NA
CVE-2022-21169
The package express-xss-sanitizer prior to 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the malicious user to bypass XSS sanitization.
Express Xss Sanitizer Project Express Xss Sanitizer
4.3
CVSSv2
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
4.3
CVSSv2
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.2
6.8
CVSSv2
CVE-2010-1648
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.2
2.6
CVSSv2
CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins prior to 1.438, and 1.409 LTS prior to 1.409.3 LTS, when a stand-alone container is used, allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.
Jenkins Jenkins 1.409.1
Jenkins Jenkins 1.409.2
Jenkins Jenkins
4.3
CVSSv2
CVE-2010-2491
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.7.4
Roundup-tracker Roundup 0.7.3
Roundup-tracker Roundup 0.7.0
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.8.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 1.1.0
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.1
Roundup-tracker Roundup 0.5.2
Roundup-tracker Roundup 0.1.1
Roundup-tracker Roundup 0.1.0
Roundup-tracker Roundup 0.1.3
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.1
Roundup-tracker Roundup 0.6.0
Roundup-tracker Roundup 0.6.6
Roundup-tracker Roundup 0.6.5
1.7
CVSSv2
CVE-2011-0790
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
Sun Sunos 5.9
Sun Sunos 5.10
4.3
CVSSv2
CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via a folder name. NOTE: this was originally r...
Jupyter Notebook 4.0.4
Jupyter Notebook 4.0.3
Jupyter Notebook 4.0.2
Jupyter Notebook 4.0.1
Jupyter Notebook 4.0.0
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Ipython Notebook
4.3
CVSSv2
CVE-2015-4707
Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Ipython Ipython