15796 matches found
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...
CVE-2005-4751
Multiple cross-site scripting XSS vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors...
CVE-2025-47946
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2009-4395
Cross-site scripting XSS vulnerability in the Random Prayer 2 steprayer2 extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4187
Multiple cross-site scripting XSS vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4169
Cross-site scripting XSS vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-3856
Cross-site scripting XSS vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-3521
Multiple cross-site scripting XSS vulnerabilities in the Visualization Engine VE in IBM Tivoli Composite Application Manager for WebSphere ITCAM 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2001-1516
Cross-site scripting XSS vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews...
CVE-2008-7147
Multiple cross-site scripting XSS vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the 1 outline and 2 course parameters to library/descriptionlink.cfm, or the 3 recordstodisplay and ...
CVE-2008-5961
Cross-site scripting XSS vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2007-6090
Cross-site scripting XSS vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2005-3764
The image gallery imagegallery component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML...
Security Bulletin: IBM Aspera Faspex is affected by user input sanitization and HTML injection vulnerabilities
Summary IBM Aspera Faspex has addressed input sanitization and HTML injection vulnerabilities CVE-2025-33137, CVE-2025-33136, CVE-2025-33138 Vulnerability Details CVEID:CVE-2025-33137 DESCRIPTION: IBM Aspera Faspex 5 could allow an authenticated user to obtain sensitive information or perform...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
PT-2025-22507 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.12 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
GHSA-5J3W-5PCR-F8HG Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Impact Rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these values are unsafe e.g. contain user input, this can lead to HTML attribute injection and XSS vulnerabilities. Patche...
CVE-2025-47946
Summary: CVE-2025-47946 affects Symfony UX components. Prior to 2.25.1, rendering {{ attributes }} or using methods returning a ComponentAttributes instance can output unescaped attribute values, risking HTML attribute injection and XSS. The vulnerability affects the Symfony UX Twig component and...
CVE-2023-35006
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...