Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-12653
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
Myadrenalin Adrenalin 5.4.0
1 EDB exploit
6.1
CVSSv3
CVE-2020-3599
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the we...
Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Software
6.1
CVSSv3
CVE-2023-27572
An issue exists in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability exists in the https_redirect.php web page via the page parameter.
Commscope Dg3450 Firmware Ar01.02.056.18 041520 711.ncs.10
6.1
CVSSv3
CVE-2019-11604
An issue exists in Quest KACE Systems Management Appliance prior to 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application ...
Quest Kace Systems Management Appliance
8.8
CVSSv3
CVE-2019-9164
Command injection in Nagios XI prior to 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
Nagios Nagios Xi
7.8
CVSSv3
CVE-2019-9166
Privilege escalation in Nagios XI prior to 5.5.11 allows local malicious users to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
Nagios Nagios Xi
1 Github repository
9.8
CVSSv3
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) prior to 2.2.7 allows closing incidents in IM via the API.
Nagios Incident Manager
1 Github repository
8.8
CVSSv3
CVE-2019-9202
Nagios IM (component of Nagios XI) prior to 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
Nagios Incident Manager
1 Github repository
9.8
CVSSv3
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) prior to 2.2.7 allows malicious users to execute arbitrary SQL commands.
Nagios Incident Manager
1 Github repository
9.8
CVSSv3
CVE-2019-9165
SQL injection vulnerability in Nagios XI prior to 5.5.11 allows malicious users to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
Nagios Nagios Xi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »