862 matches found

RedhatCVE
added 2025/05/21 8:49 p.m., 7 views

CVE-2005-2055

RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allow a remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers"...

CVSS 5 | AI score 7 | EPSS 0.0034
Exploits: 0 | References: 1

CNNVD
added 2025/04/28 12:0 a.m., 3 views

Fortra GoAnywhere Security Vulnerability

Fortra GoAnywhere is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere versions prior to 7.8.0 that stems from a lack of input validation in the Web Client, which could result in the insertion of arbitrary HTML or JavaScript...

CVSS 6.3 | AI score 6.6 | EPSS 0.00182
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/16 4:4 p.m., 4 views

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...

CVSS 8.7 | AI score 6 | EPSS 0.00319
Exploits: 0 | References: 5

OSV
added 2025/04/08 2:51 p.m., 5 views

GHSA-X82R-6J37-VRGG Pimcore's Admin Classic Bundle allows HTML Injection

Summary: An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details: The vulnerability was discovered in the...

CVSS 1.8 | AI score 7.2 | EPSS 0.00001
Exploits: 0 | References: 4

Github Security Blog
added 2025/04/08 2:51 p.m., 20 views

Pimcore's Admin Classic Bundle allows HTML Injection

Summary: An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details: The vulnerability was discovered in the...

CVSS 4.8 | AI score 7.2 | EPSS 0.00001
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/04/03 12:23 p.m., 9 views

CVE-2025-2946 Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4

pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...

CVSS 9.1 | AI score 7.3 | EPSS 0.00113
Exploits: 0 | References: 1

CNVD
added 2025/03/27 12:0 a.m., 3 views

ChuanhuChatGPT HTML Injection Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...

CVSS 6.8 | AI score 7.4 | EPSS 0.00858
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-32809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The...

CVSS 5.4 | AI score 6.5 | EPSS 0.00236
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/08 5:18 p.m., 4 views

CVE-2024-39272

A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 9 | AI score 6.2 | EPSS 0.00635
Exploits: 0 | References: 1

NVD
added 2025/02/06 5:15 p.m., 8 views

CVE-2024-39272

A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 9 | EPSS 0.00635
Exploits: 0 | References: 2

CVE
added 2025/02/06 4:47 p.m., 63 views

CVE-2024-39272

CVE-2024-39272 affects ClearML Enterprise Server 3.22.5-1533. The issue is a cross-site scripting (XSS) vulnerability in the dataset upload functionality, allowing an attacker with an existing ClearML account to upload HTML files which can execute JavaScript in the browser of an authenticated use...

CVSS 9 | AI score 6.6 | EPSS 0.00635
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/02/06 4:47 p.m., 9 views

CVE-2024-39272

A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 9 | EPSS 0.00635
Exploits: 0 | References: 1

Cvelist
added 2025/01/29 12:0 a.m., 8 views

CVE-2024-51182

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...

EPSS 0.0026
Exploits: 1 | References: 1

NVD
added 2024/11/19 9:15 p.m., 15 views

CVE-2024-52762

A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...

CVSS 5.4 | EPSS 0.0194
Exploits: 1 | References: 1

BDU FSTEC
added 2024/11/13 12:0 a.m., 1 views

The vulnerability of the Portal for ArcGIS web portal involves incorrect elimination of special elements in the output data used by the incoming component. This allows a malicious user to execute arbitrary HTML code.

The vulnerability of the Portal for ArcGIS web portal is related to incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

CVSS 5.5 | AI score 5.8 | EPSS 0.00425
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/10/25 12:0 a.m., 47 views

CVE-2024-37844

MangoOS is affected by a stored XSS vulnerability prior to version 5.2.0. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload, impacting web interfaces. Affected: MangoOS before 5.2.0. Root cause: stored XSS in the web context. Impact: potential data exposu...

CVSS 5.4 | AI score 5.6 | EPSS 0.00121
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2024/10/23 4:0 p.m., 8 views

Cisco Secure Firewall Management Center Software HTML Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00218
Exploits: 0 | References: 1

NVD
added 2024/10/15 1:15 p.m., 11 views

CVE-2024-48279

An HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request...

CVSS 7.6 | EPSS 0.0094
Exploits: 1 | References: 1

CVE
added 2024/10/15 12:0 a.m., 59 views

CVE-2024-48279

PHPGurukul User Registration & Login and User Management System 3.2 has an HTML Injection vulnerability in /search-result.php. The searchkey parameter (POST) allows remote attackers to inject/execute arbitrary HTML. Root cause is not detailed beyond this; CVSS v3.1 vector indicates high impact wit...

CVSS 7.6 | AI score 8.1 | EPSS 0.0094
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/10/15 12:0 a.m., 11 views

CVE-2024-48279

An HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request...

AI score 7.9 | EPSS 0.0094
Exploits: 1 | References: 1