Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-16884
Cross-site scripting (XSS) vulnerability in MistServer prior to 2.13 allows remote malicious users to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
Mistserver Mistserver
1 EDB exploit
5.4
CVSSv3
CVE-2019-13977
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
Ovidentia Ovidentia 8.4.3
1 EDB exploit
8.8
CVSSv3
CVE-2012-2629
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to ad...
Axous Axous
1 EDB exploit
NA
CVE-2012-3232
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote malicious users to inject arbitrary web script or HTML via the _text[title] parameter.
Webatall Web\\@all 2.0
1 EDB exploit
NA
CVE-2006-5830
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_...
Aiocp Aiocp 1.3.000
Aiocp Aiocp 1.3.007
Aiocp Aiocp 1.3.003
Aiocp Aiocp 1.3.004
Aiocp Aiocp 1.3.001
Aiocp Aiocp 1.3.002
Aiocp Aiocp 1.3.005
Aiocp Aiocp 1.3.006
5 EDB exploits
NA
CVE-2012-6644
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; o...
Clip-bucket Clipbucket 2.6
8 EDB exploits
NA
CVE-2006-5190
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currenci...
Oscommerce Oscommerce 2.2 Cvs
Oscommerce Oscommerce 2.2 Ms1
Oscommerce Oscommerce 1.13
Oscommerce Oscommerce 1.5.1
Oscommerce Oscommerce 2.1
Oscommerce Oscommerce 1.11
Oscommerce Oscommerce 1.12
Oscommerce Oscommerce
Oscommerce Oscommerce 1.1
Oscommerce Oscommerce 2.2 Ms2
Oscommerce Oscommerce 2.2 Ms3
17 EDB exploits
NA
CVE-2012-4000
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and previous versions allows remote malicious users to inject arbitrary web script or HTML via textinput...
Ckeditor Fckeditor 2.6.3
Ckeditor Fckeditor 2.5
Ckeditor Fckeditor 2.4.3
Ckeditor Fckeditor 2.3
Ckeditor Fckeditor 2.0
Ckeditor Fckeditor 1.2.2
Ckeditor Fckeditor 1.2
Ckeditor Fckeditor 0.9.4
Ckeditor Fckeditor 0.9.3
Ckeditor Fckeditor
Ckeditor Fckeditor 2.6.5
Ckeditor Fckeditor 2.6
Ckeditor Fckeditor 2.4
Ckeditor Fckeditor 2.3.3
Ckeditor Fckeditor 2.1
Ckeditor Fckeditor 1.4
Ckeditor Fckeditor 1.3.1
Ckeditor Fckeditor 1.0
Ckeditor Fckeditor 0.8.5
Ckeditor Fckeditor 0.8
Ckeditor Fckeditor 2.6.4
Ckeditor Fckeditor 2.6.4.1
1 EDB exploit
NA
CVE-2006-5958
Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote malicious users to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
Infinicart Infinicart
3 EDB exploits
NA
CVE-2012-1417
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
Yealink Gigabit Color Ip Phone Sip-t32g -
Yealink Ip Phone Sip-t28p -
Yealink W52p -
Yealink Ultra-elegant Ip Phone Sip-t41p -
Yealink Gigabit Color Ip Phone Sip-t38g -
Yealink Ip Phone Sip-t19p -
Yealink Ip Video Phone Vp530 -
Yealink Ultra-elegant Ip Phone Sip-t46g -
Yealink Ultra-elegant Ip Phone Sip-t42g -
Yealink Ip Phone Sip-t21p -
Yealink Ip Phone Sip-t20p -
Yealink Ultra-elegant Ip Phone Sip-t48g -
Yealink Ip Phone Sip-t26p -
Yealink Ip Phone Sip-t22p -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »