15783 matches found
CVE-2025-59411 CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry
CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...
mailgen cross-site scripting vulnerability
mailgen is an email generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen versions prior to 2.0.30, which stems from a failure to properly handle user-generated content and could lead to an HTML injection attack...
PT-2025-38743
Vulnerable software and affected versions: CubeCart versions prior to 6.5.11. Description: CubeCart is an ecommerce software solution. The contact form’s Enquiry field accepts raw HTML, which is included directly in the email sent to the store administrator. Submitting HTML through the...
Exploit for Improper Input Validation in Smartbear Swagger_Ui
swagger-ui POC for Testing HTML Injection in Swagger UI CVE-...
naughty-images
This repository contains a collection of SVG images that exploit the SVG vulnerability in various browsers, allowing for cross-site scripting XSS attacks. The images are designed to trigger the vulnerability when loaded in a browser, potentially allowing an attacker to execute malicious code on t...
WordPress Media Player Addons for Elementor plugin cross-site scripting vulnerability
WordPress Media Player Addons for Elementor plugin is a plugin designed for Elementor page builder, mainly used to extend the media playback functionality. A cross-site scripting vulnerability exists in the WordPress Media Player Addons for Elementor plugin, which stems from insufficient input...
CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows...
CVE-2025-8276
CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...
Linux Distros Unpatched Vulnerability : CVE-2024-23817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in...
Linux Distros Unpatched Vulnerability : CVE-2022-22293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter. CVE-2022-22293 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2023-22288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into...
Linux Distros Unpatched Vulnerability : CVE-2019-17223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. CVE-2019-17223 Note that Nessus relies on the presence of the package as...
CVE-2025-58353
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `.replace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement ...
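The CVE-2025-58353 entry above describes the general weakness of single-pass regex blacklists: a multi-character token removed once can be reassembled by nesting it inside itself. The following is an added example written for this page, not code from Promptcraft Forge Studio or any other project listed here. It reproduces the bypass against a blacklist sanitizer of the kind the entry describes, then shows the two approaches a reviewer would ask for instead: parsing URLs and allowlisting the scheme, and entity-encoding text for HTML contexts. The sample inputs, the `https://example.invalid/` base URL and the function names are constructed for illustration.

```javascript
// Added example (not from any project on this page). Node.js, no dependencies.

// Vulnerable pattern: strip a few dangerous multi-character tokens, one pass each.
function blacklistSanitize(input) {
  return input
    .replace(/javascript:/gi, '')
    .replace(/<script[^>]*>/gi, '')
    .replace(/on\w+=/gi, '');
}

// Bypass: nest the token inside itself so that removing the inner copy
// reassembles the outer one. Constructed sample inputs:
//   "javajavascript:script:alert(1)" -> "javascript:alert(1)"
//   "<scr<script>ipt>"               -> "<script>"
const BYPASS_URL = 'javajavascript:script:alert(1)';
const BYPASS_TAG = '<scr<script>ipt>';

// Looping until the output stops changing defeats the reassembly trick, but it
// is still a blacklist: any token the regexes never list goes straight through.
function blacklistSanitizeUntilStable(input, maxRounds = 10) {
  let current = input;
  for (let round = 0; round < maxRounds; round++) {
    const next = blacklistSanitize(current);
    if (next === current) return current;
    current = next;
  }
  throw new Error('sanitizer did not converge');
}

// Hardened approach 1: for link targets, parse the URL and allowlist the scheme.
// The base URL is an assumption so that relative links resolve; anything that
// fails to parse or is not http/https is rejected, including both bypass forms.
function safeHref(candidate) {
  let parsed;
  try {
    parsed = new URL(candidate, 'https://example.invalid/');
  } catch {
    return null;
  }
  return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : null;
}

// Hardened approach 2: for text inserted into HTML, encode the metacharacters
// instead of trying to recognise every dangerous token.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-alone demonstration.
console.log('blacklist  :', blacklistSanitize(BYPASS_URL), '|', blacklistSanitize(BYPASS_TAG));
console.log('fixpoint   :', blacklistSanitizeUntilStable(BYPASS_URL));
console.log('safeHref   :', safeHref(BYPASS_URL), '|', safeHref('https://example.com/a?b=1'));
console.log('escapeHtml :', escapeHtml(BYPASS_TAG));
```

Run with `node sanitize-bypass.js`. The first line shows the reassembled `javascript:` scheme and `<script>` tag surviving the single-pass blacklist; the URL parser assigns the nested input the scheme `javajavascript:`, which the allowlist rejects just as it rejects the reassembled `javascript:`.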
Linux Distros Unpatched Vulnerability : CVE-2024-36123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML...
CVE-2025-52219
SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...