Vulmon
xss vulnerabilities and exploits
668
VMScore
CVE-2021-41317
XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.
Xss Hunter Express Project Xss Hunter Express
NA
CVE-2022-21169
The package express-xss-sanitizer prior to 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing a malicious user to bypass XSS sanitization.
Express Xss Sanitizer Project Express Xss Sanitizer
383
VMScore
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
383
VMScore
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.2
605
VMScore
CVE-2010-1648
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.2
383
VMScore
CVE-2010-2491
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.7.4
Roundup-tracker Roundup 0.7.3
Roundup-tracker Roundup 0.7.0
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.8.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 1.1.0
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.1
Roundup-tracker Roundup 0.5.2
Roundup-tracker Roundup 0.1.1
Roundup-tracker Roundup 0.1.0
Roundup-tracker Roundup 0.1.3
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.1
Roundup-tracker Roundup 0.6.0
Roundup-tracker Roundup 0.6.6
Roundup-tracker Roundup 0.6.5
231
VMScore
CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins prior to 1.438, and 1.409 LTS prior to 1.409.3 LTS, when a stand-alone container is used, allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.
Jenkins Jenkins 1.409.1
Jenkins Jenkins 1.409.2
Jenkins Jenkins
151
VMScore
CVE-2011-0790
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
Sun Sunos 5.9
Sun Sunos 5.10
383
VMScore
CVE-2007-0857
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin prior to 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
Moinmoin Moinmoin 1.5.1
Moinmoin Moinmoin 1.5.2
Moinmoin Moinmoin 1.5.5a
Moinmoin Moinmoin
Moinmoin Moinmoin 1.5.3 Rc2
Moinmoin Moinmoin 1.5.4
Moinmoin Moinmoin 1.5.0
Moinmoin Moinmoin 1.5.5
Moinmoin Moinmoin 1.5.5 Rc1
Moinmoin Moinmoin 1.5.3
Moinmoin Moinmoin 1.5.3 Rc1
383
VMScore
CVE-2015-4707
Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Ipython Ipython