CVE-2025-53502
CVE-2025-53502 targets Wikimedia Foundation MediaWiki, specifically the FeaturedFeeds Extension. Affected versions are 1.39.x, 1.42.x, and 1.43.x due to Improper Input Validation exposing Cross-Site Scripting (XSS). The issue is described as an XSS vulnerability arising from input handling within...
CVE-2025-53502 HTML injection in FeaturedFeeds
Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X...
PT-2025-27831 · Mediawiki +1 · Mediawiki Citizen Skin +1
Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into...
PT-2025-27833 · Mediawiki · Shortdescription +1
Name of the Vulnerable Software and Affected Versions: MediaWiki extension Short Description versions 4.0.0 Description: The issue arises from the lack of proper sanitization of short descriptions before they are inserted as HTML, allowing any user to insert arbitrary HTML into the DOM by editing...
CVE-2025-2895
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting...
CVE-2025-5967
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data...
CVE-2025-5967
CVE-2025-5967 is a stored cross-site scripting vulnerability in Trellix ENS HX 10.0.4. The issue allows an attacker to inject arbitrary HTML into the Malware Scan Name field, which can lead to exposure of sensitive data. Affected product is Trellix Endpoint Security HX, version 10.0.4; the root c...
PT-2025-27505 · Mcafee · Ens Hx
Name of the Vulnerable Software and Affected Versions: ENS HX version 10.0.4 Description: A stored cross-site scripting issue allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data. Recommendations: For ENS HX version...
CVE-2025-2895 IBM Cloud Pak System HTML injection
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting...
CVE-2025-2895
IBM Cloud Pak System is affected by HTML injection (CVE-2025-2895) in the following versions: 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1. The vulnerability enables a remote attacker to inject HTML that executes in the victim’s browser within the hosting sit...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System [CVE-2020-5256, CVE-2025-2895]
Summary Multiple Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System is affected by Prototype Pollution due to Dojo and HTML Injection in JavaScript. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: In affected versions of dojo NPM package, the deepCopy method is...
PT-2025-27446 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.6 through 2.3.4.1 iFix1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the...
IBM Cloud Pak System security vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing, and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak...
CVE-2023-38007
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...
GHSA-JFJ7-249R-7J2M TabberNeue vulnerable to Stored XSS through wikitext
Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...
CVE-2025-53093
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...