15781 matches found

CNNVD
added 2025/11/11 12:00 a.m., 3 views

Fairsketch RISE CRM Framework cross-site scripting vulnerability

FairSketch Fairsketch RISE CRM Framework is a team management and customer relationship management framework from FairSketch, Inc. A cross-site scripting vulnerability exists in Fairsketch RISE CRM Framework version 3.8.1, which stems from insufficient validation of user input for the parameter...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00146
Exploits: 0, References: 1

Positive Technologies
added 2025/11/11 12:00 a.m., 5 views

PT-2025-46331

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply message' in '/messages/reply'...

CVSS: 5.1, AI score: 7.3, EPSS: 0.00138
Exploits: 0, References: 2

CNNVD
added 2025/11/11 12:00 a.m., 4 views

Fairsketch RISE CRM Framework cross-site scripting vulnerability

FairSketch Fairsketch RISE CRM Framework is a team management and customer relationship management framework from FairSketch. A cross-site scripting vulnerability exists in Fairsketch RISE CRM Framework version v3.8.1, which stems from insufficient validation of user input for the parameter...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00138
Exploits: 0, References: 1

Positive Technologies
added 2025/11/11 12:00 a.m., 6 views

PT-2025-46334

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first name' in '/clients/save contact/'...

CVSS: 5.1, AI score: 7.3, EPSS: 0.00146
Exploits: 0, References: 2

Positive Technologies
added 2025/11/11 12:00 a.m., 5 views

PT-2025-46328

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/projects/save'...

CVSS: 5.1, AI score: 7.3, EPSS: 0.00138
Exploits: 0, References: 2

RedhatCVE
added 2025/11/08 7:41 a.m., 15 views

CVE-2025-64187

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

CVSS: 4.6, AI score: 6.9, EPSS: 0.00131
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 8:56 p.m., 13 views

CVE-2025-33110

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00172
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/07 6:35 p.m., 5 views

Security Bulletin: HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application

Summary A specific URL endpoint in IBM OpenPages was found to be vulnerable to unsanitized HTML injection. The application reflects user-supplied input directly into the HTML response without proper encoding or validation, which allows an attacker to inject arbitrary HTML content or tags...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00162
Exploits: 0, Affected Software: 1

OSV
added 2025/11/07 5:15 p.m., 4 views

CVE-2025-63785

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

CVSS: 6.1, AI score: 6, EPSS: 0.00227
Exploits: 1, References: 2

CVE
added 2025/11/07 12:00 a.m., 13 views

CVE-2025-63420

CVE-2025-63420 affects CrushFTP11 prior to 11.3.7_57, where a stored HTML injection in the Admin Panel (Reports / “Who Created Folder”) enables HTML execution in authenticated admin sessions. The root cause is stored HTML injection via folder-creation input, leading to persistent XSS. The exploit...

CVSS: 4.1, AI score: 6.7, EPSS: 0.0023
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2025/11/06 9:15 p.m., 1 view

CVE-2025-33110

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 1

CVE
added 2025/11/06 8:43 p.m., 10 views

CVE-2025-33110

CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00172
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/11/06 8:43 p.m., 8 views

CVE-2025-33110 IBM OpenPages Vulnerable to HTML Injection

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS: 5.4, EPSS: 0.00172
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/06 6:42 p.m., 7 views

Security Bulletin: IBM OpenPages Vulnerable to HTML Injection (CVE-2025-33110)

Summary Application API's vulnerable to HTML injection in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 and 9.1 versions. Vulnerability Details CVEID:CVE-2025-33110 DESCRIPTION: IBM OpenPages with Watson is vulnerable to HTML injection. A remote attacker could inje...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00172
Exploits: 0, Affected Software: 1

Vulnrichment
added 2025/11/06 2:46 p.m., 2 views

CVE-2025-10955 HTML Injection in Netcad Software's Netigma

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00164
Exploits: 0, References: 2

CVE
added 2025/11/06 2:46 p.m., 13 views

CVE-2025-10955

The CVE-2025-10955 entry affects Netcad Netigma: improper neutralization of input during web page generation (XSS) via HTTP query strings. Concrete details across connected records indicate affected versions include Netigma 6.3.5 before 6.3.5 V8 and versions up to 28102025. The root cause is impr...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00164
Exploits: 0, References: 2

Cvelist
added 2025/11/06 2:46 p.m., 6 views

CVE-2025-10955 HTML Injection in Netcad Software's Netigma

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8...

CVSS: 6.1, EPSS: 0.00164
Exploits: 0, References: 2

CNNVD
added 2025/11/06 12:00 a.m., 4 views

IBM OpenPages security vulnerability

IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A security vulnerability exists in IBM OpenPages versions 9.1 and 9.0 that stems from susceptibility to an HTML injection attack that could lead to malicious code...

CVSS: 5.4, AI score: 7.4, EPSS: 0.00172
Exploits: 0, References: 1

OSV
added 2025/11/05 10:49 p.m., 19 views

MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

CVSS: 6.9, AI score: 5.4, EPSS: 0.00387
Exploits: 0, References: 6

Veracode
added 2025/11/05 12:27 p.m., 6 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...

CVSS: 6.9, AI score: 6.9, EPSS: 0.00409
Exploits: 0, References: 2, Affected Software: 1