15793 matches found
CVE-2022-3245
HTML injection attack is closely related to Cross-site Scripting XSS. HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input...
CVE-2022-29816
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible...
CVE-2022-28101
Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attackers to execute HTML injection...
CVE-2022-2316
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...
CVE-2022-24564
Checkmk =2.0.0p19 contains a Cross Site Scripting XSS vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user...
CVE-2022-24682
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...
CVE-2022-1002
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...
CVE-2022-29269
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...
CVE-2022-43708
MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...
CVE-2022-35117
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...
CVE-2022-34966
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...
CVE-2022-27156
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection...
CVE-2021-43441
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form...
CVE-2021-21283
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...
CVE-2021-45416
Reflected Cross-site scripting XSS vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the searchterm parameter in the modules/Scheduling/Courses.php script...
CVE-2021-42046
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript...
CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...
CVE-2021-24884
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Lin...