15788 matches found
PT-2025-24592 · Sap · Sapui5
Name of the Vulnerable Software and Affected Versions: SAPUI5 affected versions not specified Description: The issue allows an attacker with basic privileges to inject malicious HTML code into a webpage, redirecting users to the attacker-controlled URL. This could impact the integrity of the...
Discourse < 3.4.4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Discourse 3.5.x < 3.5.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062
Technical details about CVE-2025-48062 are not publicly disclosed in the provided documents. Monitor for updates from official sources.
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
PT-2025-24432
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.4.4 Discourse version 3.5.0.beta5 and earlier of the beta branch Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch Description The issue concerns HTML injection in email bodies when the topi...
Medical Card Generation System HTML Injection Vulnerability
Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...
CVE-2025-48958
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958
CVE-2025-48958 affects Froxlor before version 2.2.6, where an HTML Injection vulnerability in the Customer Account Portal (email section) allows injected HTML via user input in the domain field. Adversaries can cause phishing-style redirects to external sites, enabling credential theft and reputa...
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
Froxlor 跨站脚本漏洞
Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor versions prior to 2.2.6 that stems from an HTML injection flaw in the Customer Account Portal that could lead to phishing attacks...
PT-2025-22886 · Pepperl+Fuchs · Profinet Gateway Fb8122A.1.El +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Due to improper neutralization of input during web page generation, an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device. Recommendations: At the...
CVE-2025-44998
A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...
CVE-2024-48704
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes...