15783 matches found

OSV
added 2025/08/28 11:15 a.m. · 6 views

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

4.8 CVSS · 5.8 AI score · 0.00236 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/28 10:12 a.m. · 2 views

CVE-2025-54544 Stored XSS in QuickCMS

QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

5.3 CVSS · 5.2 AI score · 0.00182 EPSS
Exploits: 0 · References: 2
OSV
added 2025/08/27 8:15 p.m. · 7 views

CVE-2025-55618

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...

7.3 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/27 12:0 a.m. · 5 views

PT-2025-34936 · Hyundai · Hyundai Navigation App

Name of the Vulnerable Software and Affected Versions: Hyundai Navigation App version STD5W.EUR.HMC.230516.afa908d Description: An attacker can inject HTML payloads into the profile name field within the navigation application, leading to the rendering of the injected content. Recommendations:...

7.3 CVSS · 6.7 AI score · 0.0024 EPSS
Exploits: 0 · References: 5
Cvelist
added 2025/08/27 12:0 a.m. · 10 views

CVE-2025-55618

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...

0.0024 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/08/27 12:0 a.m. · 2 views

Hyundai Navigation App Security Vulnerability

Hyundai Navigation App is a mobile application for navigation and Telematics services from Hyundai Motor Hyundai, South Korea. A security vulnerability exists in Hyundai Navigation App that stems from improper handling of the profile name field, which could lead to HTML injection...

7.3 CVSS · 6.6 AI score · 0.0024 EPSS
Exploits: 0 · References: 3
CNVD
added 2025/08/27 12:0 a.m. · 4 views

JetBrains IntelliJ IDEA HTML Injection Vulnerability

JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but also supports Kotlin, Web, Spring and other languages and frameworks. JetBrains IntelliJ IDEA suffers from...

5.2 CVSS · 7.3 AI score · 0.00396 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-3816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the groupprefix field during the creation of a new group vi...

5.4 CVSS · 6.2 AI score · 0.00533 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-2200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all...

5.4 CVSS · 5.5 AI score · 0.00398 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page...

8.7 CVSS · 5.9 AI score · 0.06133 EPSS
Exploits: 0 · References: 2
OSV
added 2025/08/26 3:15 p.m. · 2 views

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

6.5 CVSS · 5.9 AI score
Exploits: 0 · References: 1
NVD
added 2025/08/26 3:15 p.m. · 3 views

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

6.5 CVSS · 0.00224 EPSS
Exploits: 0 · References: 1
OSV
added 2025/08/26 3:15 p.m. · 4 views

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

5.4 CVSS · 5.9 AI score · 0.00181 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/08/26 12:0 a.m. · 2 views

SelectZero Data Observability Platform Security Vulnerability

SelectZero Data Observability Platform is a data processing platform from SelectZero Estonia. A security vulnerability exists in SelectZero Data Observability Platform versions prior to 2025.5.2, which stems from mishandling of UI fields in older versions and could lead to HTML injection...

5.4 CVSS · 6.6 AI score · 0.00181 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/26 12:0 a.m. · 1 view

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

6.5 AI score · 0.00224 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34773 · Unknown · Selectzero Data Observability Platform

Name of the Vulnerable Software and Affected Versions: SelectZero Data Observability Platform versions prior to 2025.5.2 Description: Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page. Recommendations: Update SelectZero...

7.5 CVSS · 7.2 AI score · 0.00253 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/26 12:0 a.m. · 5 views

PT-2025-34772 · Selectzero · Selectzero Data Observability Platform

Name of the Vulnerable Software and Affected Versions: SelectZero Data Observability Platform versions prior to 2025.5.2 Description: The SelectZero Data Observability Platform is susceptible to HTML injection due to improper handling of user-supplied input in legacy UI fields. This allows for th...

5.4 CVSS · 7.4 AI score · 0.00181 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2025/08/23 6:56 a.m. · 2 views

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

8.1 CVSS · 5.8 AI score · 0.00458 EPSS
Exploits: 1 · References: 2
Debian CVE
added 2025/08/22 6:46 p.m. · 4 views

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

5.4 CVSS · 5.2 AI score · 0.01084 EPSS
Exploits: 0
Tenable Nessus
added 2025/08/22 12:0 a.m. · 4 views

IntelliJ IDEA < 2025.2 Multiple Vulnerabilities (macOS)

The version of IntelliJ IDEA installed on the remote host is prior to 2025.2. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference. (CVE-2025-57727) - In JetBrains...

7.5 CVSS · 5.7 AI score · 0.00396 EPSS
Exploits: 0 · References: 5