Vulmon
xss vulnerabilities and exploits
6.1
CVSSv3
CVE-2017-9037
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote malicious users to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T11711...
Trendmicro Serverprotect 3.0
NA
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
NA
CVE-2012-19331
Newscoop version 3.5.3 suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.
NA
CVE-2012-4985
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote malicious users to conduct ARP poisoning attacks via crafted packets.
Forescout Counteract 6.3.4.10
NA
CVE-2008-4408
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions prior to 1.13.2 allows remote malicious users to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.13.1
5.4
CVSSv3
CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Horde Groupware 5.2.19
5.4
CVSSv3
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Horde Groupware
NA
CVE-2018-17864
SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
7.5
CVSSv3
CVE-2018-14918
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
Loytec Lgate-902 Firmware
4.8
CVSSv3
CVE-2014-1454
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input
Pearson Esis Enterprise Student Information System