
6 matches found

NVD
added 2025/12/10 10:16 p.m. · 3 views

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

CVSS 8.8 · EPSS 0.00678
Exploits: 1 · References: 7
CVE
added 2025/10/01 5:1 p.m. · 6 views

CVE-2025-34182

Deciso OPNsense before 25.7.4 is affected by a stored XSS vulnerability in the ptpid parameter used when creating Interfaces: Devices: Point-to-Point entries. The value isn’t sanitized of HTML-related characters/strings and is echoed on interfaces_assign.php, enabling stored XSS. An attacker must...

CVSS 5.1 · AI score 5.7 · EPSS 0.00056
Exploits: 0 · References: 2
Snyk
added 2023/06/06 11:53 a.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when rendering HTML-based content, due to improper sanitization of input passed to fields. Exploiting this vulnerability is possible by attackers with form edit privilege and results in stored XSS. Details...

CVSS 7.3 · AI score 5.2 · EPSS 0.00651
Exploits: 1 · References: 2
Prion
added 2023/06/05 11:15 p.m. · 13 views

Cross site scripting

Avo is an open source Ruby on Rails admin panel creation framework. In affected versions some Avo fields are vulnerable to Cross Site Scripting (XSS) when rendering HTML-based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

CVSS 4.9 · AI score 5.2 · EPSS 0.00651
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/06/05 12:0 a.m. · 3 views

PT-2023-24674 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo (affected versions not specified). Description: The issue concerns some Avo fields being vulnerable to Cross Site Scripting (XSS) when rendering HTML-based content. Attackers need form edit privilege to exploit this vulnerability, but the...

CVSS 7.3 · AI score 6 · EPSS 0.00651
Exploits: 1 · References: 10
OSV
added 2020/12/14 8:15 p.m. · 2 views

CVE-2020-16104

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects:...

CVSS 7.2 · AI score 7.3 · EPSS 0.00608
Exploits: 0 · References: 1