Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6431
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the ...
Bmforum Bmforum 5.6
3 EDB exploits
6.1
CVSSv3
CVE-2018-8831
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) up to and including 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
Kodi Kodi
1 EDB exploit
NA
CVE-2009-3186
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote malicious users to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
Videogirls Videogirls Biz
3 EDB exploits
NA
CVE-2007-2300
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3...
Surat Kabar Phpwebnews 0.1
Surat Kabar Phpwebnews 0.2
3 EDB exploits
NA
CVE-2009-3360
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
Datemill Datemill 1.0
3 EDB exploits
6.1
CVSSv3
CVE-2018-7653
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
Yzmcms Yzmcms 3.6
1 EDB exploit
6.1
CVSSv3
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-15596
An issue exists in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren...
Mybb Mybb 1.8.17
1 EDB exploit
6.1
CVSSv3
CVE-2016-9834
An XSS vulnerability allows remote malicious users to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware up to and including 10.6.4. User interaction is required to exploit this vulnerability in that the target must ...
Sophos Cyberoam Firmware
1 EDB exploit
6.1
CVSSv3
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
Phpmywind Phpmywind 5.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »