15795 matches found
CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...
CVE-2021-24884
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Lin...
CVE-2021-42564
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' substring in the editor parameter...
CVE-2021-20680
Cross-site scripting vulnerability in NEC Aterm devices Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier,...
CVE-2021-37386
Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function...
CVE-2021-26844
A cross-site scripting XSS vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...
CVE-2021-38265
Cross-site scripting XSS vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the comliferayassetlistwebportletAssetListPortlettitle parameter...
CVE-2021-37541
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible...
CVE-2021-35463
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
CVE-2021-3340
A cross-site scripting XSS vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2021-31834
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized...
CVE-2021-26799
Cross Site Scripting XSS vulnerability in admin/files/edit in Omeka Classic =2.7 allows remote attackers to inject arbitrary web script or HTML...
CVE-2021-24590
The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options...
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
CVE-2021-21398
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3...
CVE-2021-20809
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...
CVE-2021-32609
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...
CVE-2021-46079
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection...
CVE-2021-43961
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...