15784 matches found
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
Cross-site Scripting (XSS)
org.opennms:opennms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to stored XSS caused by unsanitized parameters on multiple nodes, allowing attackers to inject malicious HTML or JavaScript into database entries that are rendered on user-facing pages...
PT-2025-29913 · Hollo · Hollo
Name of the Vulnerable Software and Affected Versions: Hollo versions prior to 0.6.5 Description: Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, leading to a potential HTML...
Hollo Security Vulnerability
Hollo is a micro-blogging software from Fedify Open Source. A security vulnerability exists in versions of Hollo prior to 0.6.5 that stems from allowing submission of HTML form elements, which may result in HTML injection...
CVE-2025-53839
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users...
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
Summary The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as , if the interpolated value is inserted inside an HTML context...
CVE-2025-53892
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
PT-2025-29827
Name of the Vulnerable Software and Affected Versions: Vue I18n versions 9.0.0 through 9.14.4; Vue I18n versions 10.0.0 through 10.0.7; Vue I18n versions 11.0.0 through 11.0.9. Description: Vue I18n, an internationalization plugin for Vue.js, contains a flaw in the escapeParameterHtml: true option. Th...
CVE-2025-28243
An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component...
SAP BusinessObjects Business Intelligence Platform HTML Injection Vulnerability (3573199)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000200, 4.3 SP004 001300, or 4.3 SP005 000000. It is, therefore, affected by a vulnerability as referenced in the 3573199 advisory. An HTML Injection exists which allows an attack...
CVE-2025-31326
SAP BusinessObjects Business Intelligence Platform Web Intelligence is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as...
CVE-2025-28245
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...
PT-2025-29135 · Alteryx · Alteryx Server
Name of the Vulnerable Software and Affected Versions: Alteryx Server version 2023.1.1.460 Description: An issue in Alteryx Server allows for HTML injection through a manipulated script within the pages component. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-28243
CVE-2025-28243 affects Alteryx Server v2023.1.1.460, with the Pages component vulnerable to HTML injection via a crafted script. The CVSS v3.1 vector indicates NETWORK access, HIGH impact to confidentiality and integrity, user interaction required, and no availability impact. Root cause details a...
Alteryx Server Cross-Site Scripting Vulnerability
Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing and executing workflows. A security vulnerability exists in Alteryx Server version 2023.1.1.460, which stems from the pages component that may allow HTML injection via specially crafted scripts...