Exploitdb Exploits

150 exploits tracked across all sources.

CVE-2019-11708 EXPLOITDB CRITICAL javascript
Firefox ESR < 60.7.2, Firefox < 67.0.4, Thunderbird < 60.7.2 - RCE
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CVSS 10.0
CVE-2012-2577 EXPLOITDB javascript
SolarWinds Orion Network Performance Monitor < 10.3.1 - Cross-Site Scripting via SNMPD Configuration Fields
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
CVE-2021-27889 EXPLOITDB MEDIUM javascript
MyBB < 1.8.26 - Cross-Site Scripting via Nested Auto URL Message Parsing
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS 6.1
CVE-2022-35513 EXPLOITDB HIGH javascript
Blink1Control2 <= 2.2.7 - Weak Password Encryption
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
by p1ckzi
CVSS 7.5
CVE-2019-13720 EXPLOITDB HIGH javascript
Google Chrome < 78.0.3904.87 - Use After Free
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Forrest Orr
CVSS 8.8
EIP-2026-113476 EXPLOITDB javascript VERIFIED
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
by samguy
CVE-2017-5941 EXPLOITDB CRITICAL javascript
node-serialize < 0.0.4 - Remote Code Execution via Unserialize Function
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
by Beren Kuday GÖRÜN
CVSS 9.8
CVE-2013-3893 EXPLOITDB HIGH javascript
Microsoft Internet Explorer 6-11 - Remote Code Execution via SetMouseCapture Use-After-Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
by SlidingWindow
CVSS 8.8
CVE-2020-0674 EXPLOITDB HIGH javascript
Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
by Forrest Orr
CVSS 7.5
CVE-2019-17026 EXPLOITDB HIGH javascript
Firefox < 72.0.1 and Firefox ESR < 68.4.1 - Type Confusion in IonMonkey JIT Compiler
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
by Forrest Orr
CVSS 8.8
CVE-2021-47963 EXPLOITDB HIGH javascript
Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer.
by TaurusOmar
CVSS 7.2
CVE-2021-47844 EXPLOITDB MEDIUM javascript
Xmind 2020 - Stored Cross-Site Scripting via Malicious Mind Mapping File
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
by TaurusOmar
CVSS 6.1
CVE-2021-47843 EXPLOITDB MEDIUM javascript
Tagstoo 2.0.1 - Stored Cross-Site Scripting via File or Custom Tag Injection
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
by TaurusOmar
CVSS 5.4
CVE-2021-47842 EXPLOITDB HIGH javascript
StudyMD 0.3.2 - Stored Cross-Site Scripting via Markdown File Upload
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
CVE-2021-47841 EXPLOITDB MEDIUM javascript
SnipCommand 0.1.0 - Stored Cross-Site Scripting via File or Title Input
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.
by TaurusOmar
CVSS 6.1
CVE-2021-47840 EXPLOITDB HIGH javascript
Moeditor 0.2.0 - Stored Cross-Site Scripting via Markdown File Upload
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
by TaurusOmar
CVSS 7.2
CVE-2021-47839 EXPLOITDB HIGH javascript
Marky 0.0.1 - Stored Cross-Site Scripting via Crafted Markdown File Upload
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
CVE-2021-47838 EXPLOITDB HIGH javascript
Markright 1.0 - Stored Cross-Site Scripting via Crafted Markdown Files
Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.
by TaurusOmar
CVSS 7.2
CVE-2021-47837 EXPLOITDB HIGH javascript
Markdownify 1.2.0 - Stored Cross-Site Scripting via Crafted Markdown File Upload
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
CVE-2021-47836 EXPLOITDB MEDIUM javascript
Markdown Explorer 0.1.1 - Stored Cross-Site Scripting via File Upload
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.
by Taurus Omar
CVSS 6.1
CVE-2021-47835 EXPLOITDB HIGH javascript
Freeter 1.2.1 - Stored Cross-Site Scripting via Custom Widget Titles and Files
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
CVE-2020-16040 EXPLOITDB MEDIUM javascript
Google Chrome versions before 87.0.4280.88 integer overflow during SimplifiedLowering phase
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 6.5
CVE-2020-6507 EXPLOITDB HIGH javascript
Google Chrome < 83.0.4103.106 - Remote Code Execution via V8 Out of Bounds Write
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 8.8
CVE-2021-27890 EXPLOITDB HIGH javascript
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
by SivertPL
CVSS 8.8
EIP-2026-113509 EXPLOITDB javascript
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
by gx1