Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8072
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
Openmrs Openmrs 2.1
NA
CVE-2014-8073
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote malicious users to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
Openmrs Openmrs 2.1
NA
CVE-2011-0770
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance prior to 6.1 allows remote malicious users to inject arbitrary web script or HTML via the Windows XP variable in a file.
Hp Arcsight C5400 Appliance
Hp Arcsight C5200 Appliance
Hp Arcsight C3200 Appliance
Hp Arcsight C3400 Appliance
Hp Arcsight C1300 Appliance
Hp Arcsight C1000 Appliance
Hp Windows Event Log Smartconnector
7.8
CVSSv3
CVE-2017-9036
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.
Trendmicro Serverprotect 3.0
NA
CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote malicious users to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Roundcube Webmail 0.2
NA
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
NA
CVE-2014-9212
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote malicious users to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.
Altitude Altitude Unified Customer Interaction 7.5
NA
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) u...
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4724
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote malicious users to obtain potentially sensitive informatio...
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »