Lucene search
K

15792 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.13 views

CVE-2023-28598

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash...

7.5CVSS6.8AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.11 views

CVE-2023-48003

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' in the WebSocket messages...

6.1CVSS7.1AI score0.0046EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:41 a.m.9 views

CVE-2023-48104

Alinto SOGo before 5.9.1 is vulnerable to HTML Injection...

6.1CVSS6.6AI score0.01022EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.11 views

CVE-2023-35075

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though...

5.4CVSS5.1AI score0.00368EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.6 views

CVE-2023-41316

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

5.5CVSS7AI score0.00416EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:34 a.m.9 views

CVE-2023-47119

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...

6.1CVSS6.6AI score0.00943EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/05/23 4:34 a.m.19 views

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence AI assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:25 a.m.6 views

CVE-2023-43828

A Cross-site scripting XSS vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter...

5.4CVSS6AI score0.00495EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.12 views

CVE-2023-48837

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...

5.4CVSS7.1AI score0.00465EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.8 views

CVE-2023-48825

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...

5.4CVSS7.3AI score0.00453EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.10 views

CVE-2023-48827

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS7.1AI score0.00465EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.10 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

6.1CVSS6.7AI score0.00435EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.5 views

CVE-2023-40810

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...

6.1CVSS6.9AI score0.00463EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.10 views

CVE-2023-38694

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain ...

5.4CVSS6.7AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.7 views

CVE-2023-38536

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting...

6.4CVSS6.7AI score0.00366EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.9 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.4CVSS5.6AI score0.00452EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.10 views

CVE-2023-46595

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.7 views

CVE-2023-33944

Cross-site scripting XSS vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...

6.1CVSS5.8AI score0.00533EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.8 views

CVE-2023-46127

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version...

5.4CVSS6.7AI score0.36979EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.5 views

CVE-2023-33799

A stored cross-site scripting XSS vulnerability in the Create Contacts /tenancy/contacts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.6AI score0.00394EPSS
Exploits1References1
Rows per page
Query Builder