Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1822
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x prior to 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated user...
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.6
6.1
CVSSv3
CVE-2023-41834
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially in...
Apache Flink Stateful Functions
5.4
CVSSv3
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
5.4
CVSSv3
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
6.1
CVSSv3
CVE-2021-37860
Mattermost 5.38 and previous versions fails to sufficiently sanitize clipboard contents, which allows a user-assisted malicious user to inject arbitrary web script in product deployments that explicitly disable the default CSP.
Mattermost Mattermost
NA
CVE-2010-1593
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe prior to 2.3.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module prior to 0.2.5 in SilverStripe prior to 2.3.5 allo...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.2.4
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.2.0
NA
CVE-2008-2967
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlare...
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2013-5645
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail prior to 0.9.3 allow user-assisted remote malicious users to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow re...
Roundcube Webmail 0.9
Roundcube Webmail 0.7.2
Roundcube Webmail 0.7.1
Roundcube Webmail 0.5
Roundcube Webmail 0.3
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.1
Roundcube Webmail 0.8.3
Roundcube Webmail 0.8.4
Roundcube Webmail 0.8.5
Roundcube Webmail
Roundcube Webmail 0.8.1
Roundcube Webmail 0.5.4
Roundcube Webmail 0.5.3
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.8.2
Roundcube Webmail 0.9.0
Roundcube Webmail 0.9.1
Roundcube Webmail 0.7
Roundcube Webmail 0.6
4.7
CVSSv3
CVE-2020-3117
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote malicious user to inject crafted HTTP headers in the web server's response. The vulnerabi...
Cisco Content Security Management Appliance
Cisco Web Security Appliance 11.8.0-382
Cisco Web Security Appliance 12.0.1-268
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »