15788 matches found
SAP NetWeaver Application Server ABAP Code Injection Vulnerability
SAP NetWeaver Application Server ABAP is an application server developed by SAP to run ABAP applications. An HTML injection vulnerability exists in SAP NetWeaver Application Server ABAP. An attacker could exploit this vulnerability to construct URLs containing malicious scripts that could be...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Overview: Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability: HTML injection (CWE-94) - CVE-2025-54940. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
CVE-2025-54940
Summary of CVE-2025-54940: An HTML injection vulnerability exists in WordPress plugin Advanced Custom Fields prior to version 6.4.3. Attackers may have crafted HTML that is rendered, potentially tampering with page display. This vulnerability is evidenced across multiple feeds (NVD, RH, JVN, CNV...
PT-2025-32344 · WordPress · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields versions prior to 6.4.3 Description: An HTML injection issue exists in the Advanced Custom Fields plugin. Exploitation of this issue may allow crafted HTML code to be rendered, potentially tampering with page display...
WordPress plugin Advanced Custom Fields Code Injection Vulnerability
WordPress Advanced Custom Fields Plugin is a powerful custom fields plugin for WordPress that allows you to add many types of custom fields such as images, checkboxes, files, text, etc. to posts, pages, categories, users, and other objects, and supports exporting to XML or PHP code, and can be...
JVN#21048820: WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection CWE-94 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Base Score 4.6 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N Base Score 3.4 CVE-2025-54940 Impact Crafted HTML code may be...
CVE-2025-51534
OpenAtlas v8.11.0 from Austrian Archaeological Institute is affected by a cross-site scripting (XSS) issue that allows injecting a crafted payload into the Name field to execute arbitrary web scripts/HTML. CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, low attack complexity, user int...
CVE-2025-26064
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device...
CVE-2024-49343
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
CVE-2025-8319 affects Barracuda Message Archiver (BMA) where the login interface permits arbitrary JavaScript/HTML to be written into the page’s DOM via the error= URL parameter, enabling cross-site scripting (XSS). The issue is triggered by the error parameter and involves the BMA web interface,...
CVE-2024-49343
CVE-2024-49343 affects IBM Informix Dynamic Server (IDS) versions 12.10 and 14.10. The issue is an HTML injection vulnerability: a remote attacker can inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. The provided documents do not describe ...
CVE-2024-49343 IBM Informix Dynamic Server HTML injection
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...