15789 matches found
CVE-2024-48704
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes...
CVE-2024-48702
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter...
CVE-2025-33138
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2024-48704
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes...
CVE-2024-48704
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes...
CVE-2024-51108
Multiple stored cross-site scripting XSS vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...
CVE-2024-48702
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter...
CVE-2024-48702
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter...
CVE-2024-9940
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that...
CVE-2024-47826
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...
CVE-2024-48119
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML...
CVE-2024-46970
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible...
CVE-2024-6702
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage...
CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-45527
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...
CVE-2024-33670
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy CSP restrictions, it may still impact the appearance and...
CVE-2024-32340
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...
CVE-2024-31649
A cross-site scripting XSS in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-31652
A cross-site scripting XSS in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...