
15795 matches found

RedhatCVE
added 2025/05/22 4:25 p.m. | 11 views

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...

CVSS 6.1 | AI score 5.3 | EPSS 0.00658
Exploits: 1

RedhatCVE
added 2025/05/22 4:23 p.m. | 6 views

CVE-2020-29241

Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter...

CVSS 4.8 | AI score 5.9 | EPSS 0.00632
Exploits: 0

RedhatCVE
added 2025/05/22 4:19 p.m. | 7 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

CVSS 6.1 | AI score 6.6 | EPSS 0.00902
Exploits: 0

RedhatCVE
added 2025/05/22 4:18 p.m. | 9 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

CVSS 5.4 | AI score 7.2 | EPSS 0.00607
Exploits: 0

RedhatCVE
added 2025/05/22 4:16 p.m. | 8 views

CVE-2020-1327

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...

CVSS 6.1 | AI score 6.8 | EPSS 0.0182
Exploits: 0

RedhatCVE
added 2025/05/22 4:12 p.m. | 6 views

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

CVSS 6.1 | AI score 7.5 | EPSS 0.01274
Exploits: 1

RedhatCVE
added 2025/05/22 4:10 p.m. | 11 views

CVE-2020-11593

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...

CVSS 7.5 | AI score 6.8 | EPSS 0.00992
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:0 p.m. | 7 views

CVE-2020-24188

Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00819
Exploits: 0

RedhatCVE
added 2025/05/22 3:56 p.m. | 3 views

CVE-2020-21845

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...

CVSS 6.1 | AI score 7.2 | EPSS 0.00827
Exploits: 1

RedhatCVE
added 2025/05/22 3:51 p.m. | 6 views

CVE-2020-13480

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature...

CVSS 5.4 | AI score 7.1 | EPSS 0.00979
Exploits: 1

RedhatCVE
added 2025/05/22 3:43 p.m. | 7 views

CVE-2020-8788

Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS and HTML injection via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report...

CVSS 6.1 | AI score 6 | EPSS 0.00812
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:39 p.m. | 7 views

CVE-2020-5620

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file...

CVSS 5.4 | AI score 5.9 | EPSS 0.00635
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:39 p.m. | 7 views

CVE-2020-5574

HTML attribute value injection vulnerability in Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and...

CVSS 5.3 | AI score 7.2 | EPSS 0.01206
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:28 p.m. | 5 views

CVE-2020-27741

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

CVSS 6.1 | AI score 6 | EPSS 0.00831
Exploits: 1

RedhatCVE
added 2025/05/22 3:25 p.m. | 10 views

CVE-2020-27262

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15. A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web...

CVSS 5.4 | AI score 5.3 | EPSS 0.00675
Exploits: 0

RedhatCVE
added 2025/05/22 1:46 p.m. | 9 views

CVE-2014-9241

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a doeditsig action to usercp.php, or (3) title parameter in the...

CVSS 4.3 | AI score 6 | EPSS 0.03428
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:44 p.m. | 9 views

CVE-2014-9516

Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI, related to the "Web Site" input in the Profile section...

CVSS 4.3 | AI score 6 | EPSS 0.01465
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:27 p.m. | 4 views

CVE-2018-7303

The Calendar component in Tiki 17.1 allows HTML injection...

CVSS 5.4 | AI score 6.8 | EPSS 0.00548
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 12:41 p.m. | 8 views

CVE-2010-3470

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.01292
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:37 p.m. | 10 views

CVE-2010-1023

Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent taskcenterrecent extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01283
Exploits: 0 | References: 1