Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4424
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Redhat Jboss Enterprise Portal Platform 6.1.0
5.4
CVSSv3
CVE-2013-6465
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
Redhat Jbpm 6.0.0
6.1
CVSSv3
CVE-2023-41834
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially in...
Apache Flink Stateful Functions
9.8
CVSSv3
CVE-2018-12532
JBoss RichFaces 4.5.3 up to and including 4.5.17 allows unauthenticated remote malicious users to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Redhat Richfaces
1 Github repository
5.4
CVSSv3
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
NA
CVE-2013-5645
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail prior to 0.9.3 allow user-assisted remote malicious users to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow re...
Roundcube Webmail 0.9
Roundcube Webmail 0.7.2
Roundcube Webmail 0.7.1
Roundcube Webmail 0.5
Roundcube Webmail 0.3
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.8.3
Roundcube Webmail 0.8.4
Roundcube Webmail 0.8.5
Roundcube Webmail
Roundcube Webmail 0.8.1
Roundcube Webmail 0.5.4
Roundcube Webmail 0.5.3
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.8.2
Roundcube Webmail 0.9.0
Roundcube Webmail 0.9.1
Roundcube Webmail 0.7
Roundcube Webmail 0.6
NA
CVE-2013-4307
Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 allow (1) remote malicious users to inject arbitrary web script or HTML via a lab...
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
5.4
CVSSv3
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
7.8
CVSSv3
CVE-2020-8539
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an malicious user to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may b...
Kia Head Unit Firmware Sop.003.30.18.0703
Kia Head Unit Firmware Sop.005.7.181019
Kia Head Unit Firmware Sop.007.1.191209
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »