Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-3411
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration prior to 8.7.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
Synacor Zimbra Collaboration Suite
1 EDB exploit
6.1
CVSSv3
CVE-2017-14620
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
Smartertools Smarterstats 11.3.6347
1 EDB exploit
5.4
CVSSv3
CVE-2019-13977
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
Ovidentia Ovidentia 8.4.3
1 EDB exploit
6.1
CVSSv3
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version prior to 9.4.0 allows remote malicious users to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding use...
Dnnsoftware Dotnetnuke
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-5479
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for malicious users to steal sessions of...
Foxsash Imghosting 1.5
1 EDB exploit
6.1
CVSSv3
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
4.7
CVSSv3
CVE-2018-6193
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl.
Routers2 Project Routers2 2.24
1 EDB exploit
4.8
CVSSv3
CVE-2018-11512
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted we...
Creatiwity Witycms 0.6.1
1 EDB exploit
4.8
CVSSv3
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow an malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
6.1
CVSSv3
CVE-2017-16884
Cross-site scripting (XSS) vulnerability in MistServer prior to 2.13 allows remote malicious users to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
Mistserver Mistserver
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »