Lucene search
K

15791 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.6 views

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

6.1CVSS6AI score0.00343EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.12 views

CVE-2024-51182

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...

6.1CVSS6.4AI score0.00316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.8 views

CVE-2024-52967

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection...

4.8CVSS7.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.7 views

CVE-2024-51472

IBM UrbanCode Deploy UCD 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

3.1CVSS6.6AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.8 views

CVE-2024-52585

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.4CVSS6.8AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.5 views

CVE-2024-43408

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7...

6.3CVSS6.6AI score0.0024EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.11 views

CVE-2024-41752

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

6.1CVSS6.9AI score0.00263EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.7 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

4.8CVSS7AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.7 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

6.1CVSS6.9AI score0.00195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:46 a.m.5 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

7.8CVSS7.7AI score0.00502EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.5 views

CVE-2023-26042

Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to...

6.1CVSS7.1AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:14 a.m.7 views

CVE-2023-41827

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

5.1CVSS6.6AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:9 a.m.5 views

CVE-2023-50933

IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113...

6.1CVSS6.6AI score0.00409EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:6 a.m.12 views

CVE-2023-5770

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...

5.4CVSS6.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.8 views

CVE-2023-27151

openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number in the Saved Search Activity via the Name, Description, or Activity Number field...

6.1CVSS7.5AI score0.00454EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.18 views

CVE-2023-27864

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...

5.4CVSS6.6AI score0.00477EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.6 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.5AI score0.0043EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.6 views

CVE-2023-42015

IBM UrbanCode Deploy UCD 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512...

4.3CVSS6.2AI score0.00573EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.4 views

CVE-2023-20179

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could...

5.4CVSS6.5AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.12 views

CVE-2023-28598

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash...

7.5CVSS6.8AI score0.00542EPSS
Exploits0References1
Rows per page
Query Builder