15788 matches found
CVE-2025-42990
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...
Citizen cross-site scripting vulnerability
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 3.3.1, which stems from the insertion of a preference message into raw HTML, potentially leading to arbitrary HTML injection...
Citizen cross-site scripting vulnerability
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 3.3.1, which stems from the insertion of citizen-search-noresults titles and descriptions into raw HTML, potentially leading ...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
PT-2025-25345 · Citizen · Citizen
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue arises from the insertion of various preferences messages into raw HTML, allowing editors of those messages to insert arbitrary HTML into the DOM. This could potentially lead to malicious...
Citizen cross-site scripting vulnerability
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 3.3.1, which stems from the insertion of a date message returned by Language::userDate into raw HTML, which could lead to...
PT-2025-25346 · Mediawiki · Mediawiki Citizen Skin
Name of the Vulnerable Software and Affected Versions: MediaWiki Citizen Skin versions prior to 3.3.1 Description: The issue concerns the Citizen MediaWiki skin, which allows extensions to be part of a cohesive experience. Specifically, the citizen-search-noresults-title and...
PT-2025-25347 · Citizen · Citizen
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, which integrates extensions into a cohesive experience. It allows users with the editinterface right to insert arbitrary HTML into the DOM by editing...
PT-2025-25348 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to...
CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
BIT-DISCOURSE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
WordPress Bold Page Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress Popup Maker plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Popup Maker plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-25289
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account...
Gitlab -- Vulnerabilities
Gitlab reports: HTML injection impacts GitLab CE/EE; Cross-site scripting issue impacts GitLab CE/EE; Missing authorization issue impacts GitLab Ultimate EE; Denial of Service impacts GitLab CE/EE; Denial of Service via unbounded Webhook token names impacts GitLab CE/EE; Denial of Service via unbounde...
CVE-2025-42990
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...
CVE-2025-42990 HTML Injection in Unprotected SAPUI5 applications
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...
CVE-2025-42990
CVE-2025-42990 involves unprotected SAPUI5 applications allowing an attacker with basic privileges to inject malicious HTML into a webpage, causing a redirect to an attacker-controlled URL. The impact is limited to integrity (no confidentiality or availability impact) as described in multiple sou...
SAP SAPUI5 cross-site scripting vulnerability
SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A cross-site scripting vulnerability exists in SAP SAPUI5 that originates from allowing the injection of malicious HTML code that could result in a redirection to an attacker-controlled URL...