Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

inject vulnerabilities and exploits

(subscribe to this query)

6.1
CVSSv3
CVE-2017-15429
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page....
Google ChromeDebian Debian Linux 9.0Debian Debian Linux 8.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Server 6.0
NA
CVE-2015-5654
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Dojotoolkit Dojo
5.3
CVSSv3
CVE-2017-8812
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline....
Mediawiki Mediawiki 1.28.1Mediawiki MediawikiMediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it...
Php Php
NA
CVE-2013-4424
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Redhat Jboss Enterprise Portal Platform 6.1.0
5.4
CVSSv3
CVE-2013-6465
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs....
Redhat Jbpm 6.0.0
NA
CVE-2015-4093
Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Elastic Kibana 4.0.2Elastic Kibana 4.0.1Elastic Kibana 4.0.0
9.8
CVSSv3
CVE-2017-17790
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE:...
Ruby-lang Ruby 2.5.0Ruby-lang Ruby
NA
CVE-2014-3678
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Jenkins-ci Monitoring Plugin 1.45.0Jenkins-ci Monitoring Plugin 1.46.0Jenkins-ci Monitoring Plugin 1.47.0Jenkins-ci Monitoring Plugin 1.48.0Jenkins-ci Monitoring Plugin 1.41.0Jenkins-ci Monitoring Plugin 1.43.0Jenkins-ci Monitoring Plugin 1.50.0Jenkins-ci Monitoring Plugin 1.52.0Jenkins-ci Monitoring Plugin 1.40.0Jenkins-ci Monitoring Plugin 1.42.0Jenkins-ci Monitoring Plugin 1.44.0Jenkins-ci Monitoring Plugin 1.49.0Jenkins-ci Monitoring Plugin 1.51.0Jenkins-ci Monitoring Plugin
5.4
CVSSv3
CVE-2017-15213
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl....
Flyspray Flyspray
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
log injectionCVE-2022-31656CVE-2022-37006CVE-2022-34713wirelessCVE-2022-37007SQL injectionCVE-2022-32429CVE-2022-37024
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook