Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-0134
Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote malicious users to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed phone.
Airdroid Airdroid -
4.3
CVSSv2
CVE-2011-0770
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance prior to 6.1 allows remote malicious users to inject arbitrary web script or HTML via the Windows XP variable in a file.
Hp Windows Event Log Smartconnector
Hp Arcsight C1300 Appliance
Hp Arcsight C3400 Appliance
Hp Arcsight C5400 Appliance
Hp Arcsight C3200 Appliance
Hp Arcsight C5200 Appliance
Hp Arcsight C1000 Appliance
4.3
CVSSv2
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
3.5
CVSSv2
CVE-2019-17557
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
Apache Syncope
4.3
CVSSv2
CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote malicious users to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Roundcube Webmail 0.2
4.3
CVSSv2
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
4.3
CVSSv2
CVE-2012-4983
Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device prior to 7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.
Forescout Counteract 6.3.4.10
4.3
CVSSv2
CVE-2012-4985
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote malicious users to conduct ARP poisoning attacks via crafted packets.
Forescout Counteract 6.3.4.10
6.8
CVSSv2
CVE-2015-1614
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_crunc...
Image Metadata Cruncher Project Image Metadata Cruncher -
2.6
CVSSv2
CVE-2014-1826
Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote malicious users to inject arbitrary web script or HTML via a crafted map name.
Ithoughts Ithoughtshd 4.19
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »