Lucene search
K

15793 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.5 views

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting XSS. HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input...

6.1CVSS6.5AI score0.00549EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.9 views

CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible...

3.2CVSS7.1AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.3 views

CVE-2022-28101

Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attackers to execute HTML injection...

9CVSS7AI score0.00969EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.6 views

CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...

5.4CVSS6.9AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.7 views

CVE-2022-24564

Checkmk =2.0.0p19 contains a Cross Site Scripting XSS vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user...

6.1CVSS5.9AI score0.00661EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 p.m.5 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS6.7AI score0.3106EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.9 views

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...

5.4CVSS6.5AI score0.00639EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.6 views

CVE-2022-29269

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...

6.5CVSS6.6AI score0.03053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:58 p.m.15 views

CVE-2022-43708

MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...

6.1CVSS5.8AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:58 p.m.5 views

CVE-2022-35117

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via updatemedicinedetails.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical...

4.8CVSS6.2AI score0.00479EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.7 views

CVE-2022-34966

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...

7.5CVSS7.5AI score0.01137EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 p.m.8 views

CVE-2022-27156

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection...

5.4CVSS6.7AI score0.00485EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.6 views

CVE-2021-43441

An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form...

5.3CVSS7.4AI score0.01218EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.7 views

CVE-2021-21283

Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...

5.4CVSS6.2AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.3 views

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...

6.1CVSS6.5AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.7 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...

10CVSS6.8AI score0.39738EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:9 p.m.15 views

CVE-2021-45416

Reflected Cross-site scripting XSS vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the searchterm parameter in the modules/Scheduling/Courses.php script...

6.1CVSS5.8AI score0.03002EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.9 views

CVE-2021-42046

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript...

6.1CVSS6.7AI score0.00835EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.7 views

CVE-2021-42043

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...

6.1CVSS7AI score0.00726EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.10 views

CVE-2021-24884

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Lin...

9.6CVSS7.6AI score0.03084EPSS
Exploits1References1
Rows per page
Query Builder