Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-15540
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an malicious user to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.
Agentejo Cockpit -
4.3
CVSSv2
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
6.8
CVSSv2
CVE-2014-9337
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi...
Mikiurl Wordpress Eklentisi Project Mikiurl Wordpress Eklentisi
4.3
CVSSv2
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
6.8
CVSSv2
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
Agentejo Cockpit -
6.8
CVSSv2
CVE-2012-0993
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote malicious users to execute arbitrary PHP code via the viewer_size_image_saved cookie.
Zenphoto Zenphoto 1.4.2
6
CVSSv2
CVE-2012-0994
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
Zenphoto Zenphoto 1.4.2
4.3
CVSSv2
CVE-2014-4727
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware prior to 140916 allows remote malicious users to inject arbitrary web script or HTML via the hostname in a DHCP request.
Tp-link Tl-wdr4300 Firmware
Tp-link Tl-wdr4300 -
5
CVSSv2
CVE-2014-4728
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware prior to 140916 allows remote malicious users to cause a denial of service (crash) via a long header in a GET request.
Tp-link Tl-wdr4300 Firmware
Tp-link Tl-wdr4300 -
9.4
CVSSv2
CVE-2018-14916
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
Loytec Lgate-902 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »