Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-1827
The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote malicious users to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.
Ithoughts Ithoughtshd 4.19
383
VMScore
CVE-2014-1828
The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote malicious users to cause a denial of service (disk consumption) by uploading a large file.
Ithoughts Ithoughtshd 4.19
605
VMScore
CVE-2015-1614
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_crunc...
Image Metadata Cruncher Project Image Metadata Cruncher -
383
VMScore
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
605
VMScore
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
Agentejo Cockpit -
383
VMScore
CVE-2011-4054
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote malicious users to inject arbitrary web script or HTML via the postpreservationdata parameter.
Ca Siteminder
NA
CVE-2011-4059
OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.
668
VMScore
CVE-2018-15540
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an malicious user to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.
Agentejo Cockpit -
383
VMScore
CVE-2019-8939
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
Tautulli Tautulli 2.1.26
383
VMScore
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »