inject vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page....

Google Chrome Debian Debian Linux 8.0 Debian Debian Linux 9.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

Elastic Kibana 4.0.0 Elastic Kibana 4.0.1 Elastic Kibana 4.0.2

7.5

CVSSv2

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE:...

Ruby-lang Ruby Ruby-lang Ruby 2.5.0

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

Jenkins-ci Monitoring Plugin 1.40.0 Jenkins-ci Monitoring Plugin 1.41.0 Jenkins-ci Monitoring Plugin 1.42.0 Jenkins-ci Monitoring Plugin 1.43.0 Jenkins-ci Monitoring Plugin 1.44.0 Jenkins-ci Monitoring Plugin 1.45.0 Jenkins-ci Monitoring Plugin 1.46.0 Jenkins-ci Monitoring Plugin 1.47.0 Jenkins-ci Monitoring Plugin 1.48.0 Jenkins-ci Monitoring Plugin 1.49.0 Jenkins-ci Monitoring Plugin 1.50.0 Jenkins-ci Monitoring Plugin 1.51.0 Jenkins-ci Monitoring Plugin 1.52.0 Jenkins-ci Monitoring Plugin

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....

Redhat Jboss Enterprise Portal Platform 6.1.0

4.3

CVSSv2

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."...

Google Chrome1 Article available

6.8

CVSSv2

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox....

Icetea-web Project Icetea-web Icetea-web Project Icetea-web 1.8.21 Github repository available

3.5

CVSSv2

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL....

Phpmyadmin Phpmyadmin2 Github repositories available

3.5

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs....

Redhat Jbpm 6.0.0

4.3

CVSSv2

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers....

Elastic Kibana

Get Started

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook