Lucene search

15793 matches found

RedhatCVE
added 2025/05/22 6:30 p.m. | 7 views

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

CVSS 4.8 | AI score 6.9 | EPSS 0.0066
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:29 p.m. | 21 views

CVE-2021-29049

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00754
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:20 p.m. | 3 views

CVE-2021-22232

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...

CVSS 5.4 | AI score 6.6 | EPSS 0.00747
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:10 p.m. | 7 views

CVE-2021-40970

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.02204
Exploits: 1

RedhatCVE
added 2025/05/22 5:45 p.m. | 8 views

CVE-2020-29304

A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVSS 6.1 | AI score 5.4 | EPSS 0.05483
Exploits: 3

NVD
added 2025/05/22 5:15 p.m. | 12 views

CVE-2025-33138

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1 | EPSS 0.00219
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:11 p.m. | 6 views

CVE-2020-35650

Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00772
Exploits: 0

RedhatCVE
added 2025/05/22 5:7 p.m. | 5 views

CVE-2020-28184

Cross-site scripting (XSS) vulnerability in TerraMaster TOS = 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php...

CVSS 5.4 | AI score 5.5 | EPSS 0.00664
Exploits: 1

RedhatCVE
added 2025/05/22 5:3 p.m. | 8 views

CVE-2020-5226

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...

CVSS 5.4 | AI score 6.1 | EPSS 0.00544
Exploits: 0

RedhatCVE
added 2025/05/22 4:51 p.m. | 12 views

CVE-2020-8245

Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP...

CVSS 6.1 | AI score 7 | EPSS 0.00934
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:42 p.m. | 6 views

CVE-2020-5568

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'...

CVSS 6.1 | AI score 6.4 | EPSS 0.00781
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/22 4:37 p.m. | 13 views

CVE-2025-33138 IBM Aspera Faspex HTML injection

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 6.1 | EPSS 0.00219
Exploits: 0 | References: 1

Cvelist
added 2025/05/22 4:37 p.m. | 17 views

CVE-2025-33138 IBM Aspera Faspex HTML injection

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | EPSS 0.00219
Exploits: 0 | References: 1

CVE
added 2025/05/22 4:37 p.m. | 71 views

CVE-2025-33138

CVE-2025-33138 affects IBM Aspera Faspex 5.0.0–5.0.12. The vulnerability is HTML injection, allowing a remote attacker to inject HTML that runs in a user’s browser within the hosting site’s security context. IBM’s bulletin reiterates the issue and reports remediation: upgrade to Faspex 5.0.12.1. ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/22 4:37 p.m. | 7 views

CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags...

CVSS 6.1 | AI score 7 | EPSS 0.01409
Exploits: 1

RedhatCVE
added 2025/05/22 4:34 p.m. | 6 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

CVSS 5.4 | AI score 6.4 | EPSS 0.00849
Exploits: 0

RedhatCVE
added 2025/05/22 4:31 p.m. | 6 views

CVE-2020-23974

Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Messagetitle-tag, Add new client all-tags...

CVSS 5.4 | AI score 6.8 | EPSS 0.00597
Exploits: 1

RedhatCVE
added 2025/05/22 4:27 p.m. | 7 views

CVE-2020-18282

Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature...

CVSS 6.1 | AI score 5.9 | EPSS 0.00521
Exploits: 1

RedhatCVE
added 2025/05/22 4:25 p.m. | 11 views

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...

CVSS 6.1 | AI score 5.3 | EPSS 0.00658
Exploits: 1

RedhatCVE
added 2025/05/22 4:23 p.m. | 6 views

CVE-2020-29241

Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter...

CVSS 4.8 | AI score 5.9 | EPSS 0.00632
Exploits: 0