15775 matches found
CVE-2026-40451
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...
CVE-2026-40451
The CVE-2026-40451 entry affects the DeepL Chrome extension, specifically versions 1.22.0 through 1.23.0. It describes a cross-site scripting vulnerability that allows an attacker to execute arbitrary scripts in a user’s browser and inject malicious HTML into pages viewed by the user. The provide...
CVE-2026-40451
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...
PT-2026-34249
Name of the Vulnerable Software and Affected Versions DeepL Chrome browser extension versions 1.22.0 through 1.23.0 Description A cross-site scripting flaw allows an attacker to execute arbitrary script in a user's browser and inject malicious HTML into web pages viewed by the user. Recommendatio...
CVE-2026-40875
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen successful connections" login history renders the client IP from login logs without HTML escaping. Because the server trusts the X-Real-IP header as the source IP...
EUVD-2026-24254
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
EUVD-2025-209543
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2026-40567
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40565
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...
CVE-2025-41011
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2026-40568
Summary (CVE-2026-40568) : FreeScout prior to version 1.8.213 contains a stored XSS in the mailbox signature due to incomplete HTML sanitization in Helper::stripDangerousTags(). The sanitizer blocks only four tags (script, form, iframe, object) and misses event-handler attributes, allowing HTML e...
CVE-2026-40567
FreeScout (self-hosted help desk) contains an HTML injection vulnerability in outgoing emails prior to v1.8.213. An unauthenticated attacker can craft the From display name in an email; the name is stored in the database without sanitization and rendered unescaped in outgoing replies via the {%cu...
CVE-2026-40567
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40565
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...
CVE-2025-41011
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2025-41011 HTML injection in PHP Point Of Sale
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2025-41011
CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...
CVE-2025-41011 HTML injection in PHP Point Of Sale
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from uncleanly storing the From display name in the...