15796 matches found

RedhatCVE
added 2025/05/21 8:38 p.m. · 7 views

CVE-2002-2319

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3...

CVSS 7.5 · AI score 7.5 · EPSS 0.0225
Exploits 1 · References 1
RedhatCVE
added 2025/05/21 8:35 p.m. · 6 views

CVE-2005-4751

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors...

CVSS 6.8 · AI score 6.2 · EPSS 0.01642
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 8:23 p.m. · 9 views

CVE-2025-47946

Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering {{ attributes }} or using any method that returns a ComponentAttributes instance (e.g. only, defaults, without) outputs attribute values directly without escaping. If these...

CVSS 6.1 · AI score 6.1 · EPSS 0.00212
Exploits 0
RedhatCVE
added 2025/05/21 8:20 p.m. · 10 views

CVE-2009-4395

Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (steprayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6 · EPSS 0.00855
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 8:13 p.m. · 9 views

CVE-2009-4187

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6 · EPSS 0.01656
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 8:12 p.m. · 10 views

CVE-2009-4169

Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6 · EPSS 0.01795
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 7:54 p.m. · 5 views

CVE-2009-3856

Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3 · AI score 6 · EPSS 0.03008
Exploits 1 · References 1
RedhatCVE
added 2025/05/21 7:43 p.m. · 5 views

CVE-2009-3521

Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 5.9 · EPSS 0.01033
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 7:39 p.m. · 6 views

CVE-2001-1516

Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews...

CVSS 4.3 · AI score 6 · EPSS 0.0136
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 7:39 p.m. · 8 views

CVE-2008-7147

Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/descriptionlink.cfm, or the (3) recordstodisplay and ...

CVSS 4.3 · AI score 6.1 · EPSS 0.01022
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 6:46 p.m. · 6 views

CVE-2008-5961

Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVSS 4.3 · AI score 5.8 · EPSS 0.00845
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 6:44 p.m. · 9 views

CVE-2007-6090

Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 4.3 · AI score 5.8 · EPSS 0.00871
Exploits 2 · References 1
RedhatCVE
added 2025/05/21 6:36 p.m. · 5 views

CVE-2005-3764

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML...

CVSS 10 · AI score 7.3 · EPSS 0.01375
Exploits 0 · References 1
IBM Security Bulletins
added 2025/05/21 5:36 p.m. · 17 views

Security Bulletin: IBM Aspera Faspex is affected by user input sanitization and HTML injection vulnerabilities

Summary: IBM Aspera Faspex has addressed input sanitization and HTML injection vulnerabilities (CVE-2025-33137, CVE-2025-33136, CVE-2025-33138). Vulnerability Details: CVEID: CVE-2025-33137. DESCRIPTION: IBM Aspera Faspex 5 could allow an authenticated user to obtain sensitive information or perform...

CVSS 8.8 · AI score 6.7 · EPSS 0.00287
Exploits 0 · Affected Software 6
RedhatCVE
added 2025/05/21 12:20 a.m. · 9 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

CVSS 6.5 · AI score 7.3 · EPSS 0.0038
Exploits 1 · References 1
Positive Technologies
added 2025/05/21 12:0 a.m. · 5 views

PT-2025-22507 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.12. Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.4 · AI score 6.6 · EPSS 0.00219
Exploits 0 · References 4
OSV
added 2025/05/19 10:24 p.m. · 7 views

GHSA-5J3W-5PCR-F8HG Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes

Impact: Rendering {{ attributes }} or using any method that returns a ComponentAttributes instance (e.g. only, defaults, without) outputs attribute values directly without escaping. If these values are unsafe (e.g. contain user input), this can lead to HTML attribute injection and XSS vulnerabilities. Patche...

CVSS 6.1 · AI score 6.2 · EPSS 0.00212
Exploits 0 · References 10
CVE
added 2025/05/19 7:25 p.m. · 47 views

CVE-2025-47946

Summary: CVE-2025-47946 affects Symfony UX components. Prior to 2.25.1, rendering {{ attributes }} or using methods returning a ComponentAttributes instance can output unescaped attribute values, risking HTML attribute injection and XSS. The vulnerability affects the Symfony UX Twig component and...

CVSS 6.1 · AI score 6.2 · EPSS 0.00212
Exploits 0 · References 2
RedhatCVE
added 2025/05/19 4:36 p.m. · 10 views

CVE-2023-35006

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 · AI score 7.2 · EPSS 0.00306
Exploits 0 · References 3
NVD
added 2025/05/19 3:15 p.m. · 5 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

CVSS 6.5 · EPSS 0.0038
Exploits 1 · References 1