15795 matches found
CVE-2019-5975
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-15724
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-15510
ManageEngineDesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role...
CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...
CVE-2019-14756
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...
CVE-2019-12863
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 allows Stored HTML Injection by administrators via the Web Console Settings screen...
CVE-2019-1577
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML...
CVE-2019-10335
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2018-18291
A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...
CVE-2019-9226
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the optbaseBGSITENAME parameter to the bgconsole/index.php?m=opt=request URI...
CVE-2018-16622
Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...
CVE-2019-5989
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page...
CVE-2019-0869
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
CVE-2016-10508
Multiple cross-site scripting XSS vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...