HTML Exploits

2,074 exploits tracked across all sources.

EIP-2026-112122 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
CVE-2019-8928 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Stored Cross-Site Scripting via User Management Form Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8927 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Stored Cross-Site Scripting via Schedule Configuration Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8926 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Cross-Site Scripting via Administration Zone Popup Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8925 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer 7.0.0.2 Authenticated Path Traversal via CReportPDFServlet
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
by Rafael Pedrero
CVSS 4.3
CVE-2019-8923 EXPLOITDB CRITICAL html
XAMPP <= 5.6.8 - SQL Injection via cds-fpdf.php jahr Parameter
XAMPP through 5.6.8 allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 9.8
CVE-2019-8924 EXPLOITDB MEDIUM html
XAMPP <= 5.6.8 - Cross-Site Scripting via cds-fpdf.php interpret or titel Parameter
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8929 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer 7.0.0.2 - Cross-Site Scripting via Device Selection
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
by Rafael Pedrero
CVSS 6.1
EIP-2026-101610 EXPLOITDB html
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
by Adithyan AK
CVE-2019-25247 EXPLOITDB MEDIUM html
Beward N100 H.264 VGA IP Camera M2.1.6 - CSRF
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
by LiquidWorm
CVSS 5.3
CVE-2019-7391 EXPLOITDB HIGH html
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 - CSRF
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
by Yusuf Furkan
CVSS 8.8
CVE-2019-6967 EXPLOITDB HIGH html
AirTies Air5341 1.0.0.12 - Cross-Site Request Forgery via cgi-bin/login
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
by Ali Can Gönüllü
CVSS 8.8
CVE-2019-6710 EXPLOITDB HIGH html
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 - Cross-Site Request Forgery via login.cgi
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
by Ali Can Gönüllü
CVSS 8.8
EIP-2026-103502 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
by Bogdan Kurinnoy
CVE-2019-6441 EXPLOITDB CRITICAL html
Coship RT3050 RT3052 RT7620 WM3300 - Unauthenticated Admin Password Reset via apply.cgi
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
by Adithyan AK
CVSS 9.8
CVE-2019-6249 EXPLOITDB HIGH html
HuCart 5.7.4 - Cross-Site Request Forgery via Admin Account Addition
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
by AllenChen
CVSS 8.8
EIP-2026-103503 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
by Bogdan Kurinnoy
CVE-2019-25259 EXPLOITDB MEDIUM html
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
by LiquidWorm
CVSS 5.3
CVE-2018-25131 EXPLOITDB HIGH html
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - XSS
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file that executes arbitrary JavaScript in a user's browser session when viewed.
by LiquidWorm
CVSS 7.2
EIP-2026-115645 EXPLOITDB html
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
by Bogdan Kurinnoy
CVE-2018-4443 EXPLOITDB HIGH html VERIFIED
Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
CVE-2018-25435 EXPLOITDB MEDIUM html
ZeusCart 4.0 - Cross-Site Request Forgery via regstatus Endpoint
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
by mqt
CVSS 5.3
EIP-2026-115644 EXPLOITDB html
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
by Bogdan Kurinnoy
CVE-2018-19829 EXPLOITDB MEDIUM html
Artica Integria IMS 5.0.83 - Cross-Site Request Forgery in User List Management
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
by Javier Olmedo
CVSS 6.5
EIP-2026-107650 EXPLOITDB html
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
by Sainadh Jamalpur