15781 matches found
HCL Unica MaxAI Assistant security vulnerability
HCL Unica MaxAI Assistant is an AI assistant module from HCL India. A security vulnerability exists in HCL Unica MaxAI Assistant that stems from improper handling of client-side special characters, which could lead to HTML injection attacks...
PT-2025-41708
Name of the Vulnerable Software and Affected Versions: HCL Unica MaxAI Assistant (affected versions not specified). Description: HCL Unica MaxAI Assistant is susceptible to an HTML injection issue. An attacker could insert special characters that are processed client-side within the user’s session...
CVE-2025-55903
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
EUVD-2025-33769
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
CVE-2025-60378
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
CVE-2025-61788
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
RISE Ultimate Project Manager & CRM security vulnerability
RISE Ultimate Project Manager & CRM is a project management system from RISE. A security vulnerability exists in RISE Ultimate Project Manager & CRM that originates from an authenticated user being able to inject arbitrary HTML into invoices and messages, which could lead to phishing attacks,...
Perfex CRM security vulnerability
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM version 3.3.1 that stems from unsanitized user input and could lead to an HTML injection...
CVE-2025-55903
Summary: CVE-2025-55903 affects Perfex CRM v3.3.1 due to a failure to sanitize input in the “Bill To” address field of the estimate module, allowing HTML injection and unescaped rendering in client-facing documents. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CNNVD, etc.)...
CVE-2025-60378
CVE-2025-60378 affects RISE Ultimate Project Manager & CRM. A stored HTML injection allows authenticated users to inject arbitrary HTML into invoices and messages, with injected content rendering in emails, PDFs, and messaging/chat modules sent to clients or team members. This enables phishing, c...
EUVD-2025-33722
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
CVE-2025-61788
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
EUVD-2025-33290
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
PT-2025-41298
Name of the Vulnerable Software and Affected Versions: Opencast versions prior to 17.8; Opencast versions prior to 18.2. Description: Opencast is a platform for managing educational audio and video content. Prior to versions 17.8 and 18.2, the paella component included and rendered user inputs, such ...
EUVD-2020-30230
Malware in sbrugna...
EUVD-2017-8038
Malware in sbrugna...