15784 matches found
CVE-2025-40730 HTML injection in Vox Media's Chorus CMS
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...
Security Bulletin: Informix HQ is vulnerable to HTML injection and does not lock out users after multiple incorrect password attempts.
Summary: The Informix HQ "alerting configuration" feature is vulnerable to HTML injection because it accepts HTML scripts in the script Location field; the injection only affects the user's own session, not any other user sessions. Additionally, the Informix HQ application does not enforce a lockout policy, even...
PT-2025-31113 · Ibm · Ibm Informix Dynamic Server
Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server versions 12.10 and 14.10. Description: IBM Informix Dynamic Server is susceptible to HTML injection. A remote attacker can inject malicious HTML code that executes in a victim’s web browser within the security conte...
PT-2025-31063 · Vox Media · Horus Cms
Name of the Vulnerable Software and Affected Versions: Vox Media Chorus CMS, affected versions not specified. Description: An HTML injection issue exists in Vox Media’s Chorus CMS. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL utilizing the q parameter in...
Vox Media Chorus CMS cross-site scripting vulnerability
Vox Media Chorus CMS is a content publishing system from Vox Media, Inc. Vox Media Chorus CMS suffers from a cross-site scripting vulnerability that originates from HTML injection and could lead to cross-site scripting attacks...
CVE-2023-53155
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...
CVE-2023-53155
CVE-2023-53155 affects EmbedThis GoAhead 2.5. The vulnerability is an HTML injection (XSS) via the name parameter in goform/formTest. Exploitation and public attestations exist (e.g., Exploit-DB); multiple mirrors/alerts reiterate the same flaw. Connected entries corroborate the issue across vend...
PT-2025-30896 · Embedthis · Goahead
Name of the Vulnerable Software and Affected Versions: EmbedThis GoAhead version 2.5. Description: The software contains a flaw that allows for HTML injection through the name parameter in the goform/formTest component. Recommendations: At the moment, there is no information about a newer version...
[SECURITY] [DLA 4249-1] mediawiki security update
Debian LTS Advisory DLA-4249-1 https://www.debian.org/lts/security/ Guilhem Moulin July 23, 2025 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u4 CVE ID : CVE-2025-3469 CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594 CVE-2025-6595...
CVE-2025-51400
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-50126
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 for Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jformtagstext parameter...
CVE-2025-53941
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
CVE-2025-53926
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...
CVE-2025-53892
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-53941
Hollo is vulnerable to HTML injection in versions prior to 0.6.5 due to HTML form elements being submitted via the ActivityPub‑fed workflow. The issue affects Hollo’s rendering/handling of received posts that include form elements, enabling injection under network-visible conditions. Version 0.6....
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...