Lucene search
K

15792 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:52 a.m.6 views

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML Injection...

6.1CVSS6.6AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:52 a.m.9 views

CVE-2023-33257

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...

5.4CVSS6.9AI score0.00346EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.5 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

5.4CVSS7.1AI score0.00464EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.5 views

CVE-2023-30609

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...

5.4CVSS6.2AI score0.00617EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.9 views

CVE-2023-45137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...

9CVSS6.6AI score0.00623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:35 a.m.12 views

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions = 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively...

5.4CVSS5.8AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.8 views

CVE-2023-27775

A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload...

5.4CVSS7.6AI score0.00672EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:28 a.m.5 views

CVE-2023-37255

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...

6.1CVSS6.9AI score0.00467EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:26 a.m.10 views

CVE-2023-5238

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website...

6.1CVSS6.7AI score0.0042EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:24 a.m.3 views

CVE-2023-25200

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...

4.7CVSS6.7AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:12 a.m.1 views

CVE-2023-2200

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...

5.4CVSS6.8AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:6 a.m.4 views

CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages...

6.1CVSS6.2AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:51 a.m.12 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.1CVSS7AI score0.03083EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.4 views

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...

5.4CVSS6.5AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.2 views

CVE-2023-27474

Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain...

8CVSS7.7AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:23 a.m.5 views

CVE-2023-38687

Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...

5.4CVSS6.7AI score0.00495EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.5 views

CVE-2023-34831

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form "id" and "title" HTTP POST parameters where the students submit their reports for similarity/plagiarism checks...

5.4CVSS7.3AI score0.00448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.12 views

CVE-2023-26842

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...

5.4CVSS5.6AI score0.01409EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.8 views

CVE-2023-6830

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected...

6.5CVSS6.9AI score0.00393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.6 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS6.7AI score0.00609EPSS
Exploits0References1
Rows per page
Query Builder