92 matches found

Cvelist
added 2026/01/13 8:39 p.m. · 20 views

CVE-2025-15056 Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3...

5.1 CVSS · 0.00068 EPSS
Exploits 1 · References 2
Positive Technologies
added 2026/01/13 12:0 a.m. · 4 views

PT-2026-2446

Name of the Vulnerable Software and Affected Versions: Quill version 2.0.3 Description: A flaw exists in the HTML export feature of Quill that does not properly validate data, potentially leading to Cross-Site Scripting (XSS). This issue was identified by Fluid Attacks' research team. Recommendations...

5.1 CVSS · 5.8 AI score · 0.00068 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/01/09 9:15 a.m. · 5 views

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible for the HTML...

6.8 CVSS · 6.7 AI score · 0.00307 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-3881

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00285 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-0891

Malicious code in bioql PyPI...

6.8 CVSS · 5.9 AI score · 0.00307 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-18116

Malicious code in bioql PyPI...

6.6 AI score
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-0206

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.6294 EPSS
Exploits 1 · References 6
OSV
added 2025/06/11 2:46 p.m. · 1 views

GHSA-V33J-V3X4-42QG Regex literal in Hurl files are not escaped when exported to HTML, allowing injections

Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...

7.2 AI score
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 5:53 a.m. · 3 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3 CVSS · 5.6 AI score · 0.00093 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:36 a.m. · 6 views

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

4.3 CVSS · 6.8 AI score · 0.76795 EPSS
Exploits 3 · References 1
RedhatCVE
added 2025/05/23 3:36 a.m. · 2 views

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

6.5 CVSS · 6.8 AI score · 0.6294 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2024/01/24 12:0 a.m. · 1 views

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) exist due to insufficient testing of input data. Exploiting these vulnerabilities can allow attackers to compromise the...

6.5 CVSS · 7.1 AI score · 0.00221 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/01/16 10:15 p.m. · 14 views

CVE-2024-20930

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 1
OSV
added 2024/01/16 10:15 p.m. · 1 views

CVE-2024-20930

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3 CVSS · 6.9 AI score · 0.00221 EPSS
Exploits 0 · References 1
CVE
added 2024/01/16 9:41 p.m. · 47 views

CVE-2024-20930

Oracle Outside In Technology in Oracle Fusion Middleware (Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK) is affected in version 8.5.6. The vulnerability is remotely exploitable over HTTP by a low-privileged attacker, enabling unauthorized update, insert/delete, and read ac...

6.3 CVSS · 5.9 AI score · 0.00221 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/01/16 12:0 a.m. · 2 views

PT-2024-1221 · Oracle · Oracle Outside In Technology

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6 Description: The issue exists due to insufficient input validation in the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology. This...

6.5 CVSS · 6.1 AI score · 0.00221 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2023/10/24 12:0 a.m. · 1 views

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) exist due to insufficient testing of input data. Exploiting these vulnerabilities can allow attackers to compromise the...

6.5 CVSS · 6.6 AI score · 0.00093 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/10/17 10:15 p.m. · 2 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3 CVSS · 5.8 AI score
Exploits 0 · References 1
CVE
added 2023/10/17 9:3 p.m. · 55 views

CVE-2023-22127

CVE-2023-22127 affects Oracle Outside In Technology (Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK) in Oracle Fusion Middleware, specifically version 8.5.6. The vulnerability allows a low-privileged, network-accessible attacker over HTTP to read data, perform unauthori...

6.3 CVSS · 5.9 AI score · 0.00093 EPSS
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2023/04/27 2:30 p.m. · 17 views

Path Traversal

pretalx is vulnerable to Path Traversal. The vulnerability exists in the HTML export feature in exportschedulehtml.py which allows an attacker to overwrite arbitrary files...

4.3 CVSS · 5.1 AI score · 0.76795 EPSS
Exploits 3 · References 6 · Affected Software 1