
15796 matches found

OSV
added 2025/05/19 3:15 p.m. · 4 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

CVSS 6.5 · AI score 5.8 · EPSS 0.0038
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/19 12:0 a.m. · 5 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

AI score 6.8 · EPSS 0.0038
Exploits: 1 · References: 1
CVE
added 2025/05/19 12:0 a.m. · 59 views

CVE-2025-43714

The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...

CVSS 6.5 · AI score 7.3 · EPSS 0.0038
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2025/05/19 12:0 a.m. · 9 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

EPSS 0.0038
Exploits: 1 · References: 1
CNNVD
added 2025/05/19 12:0 a.m. · 3 views

OpenAI ChatGPT Security Vulnerability

OpenAI ChatGPT is a text-based artificial intelligence assistant from OpenAI, Inc. Interaction takes place in the form of a dialog. A security vulnerability exists in OpenAI ChatGPT versions 2025-03-30 and earlier, which stems from improper inline rendering of SVG documents and could lead to HTML...

CVSS 6.5 · AI score 6.5 · EPSS 0.0038
Exploits: 1 · References: 2
Positive Technologies
added 2025/05/19 12:0 a.m. · 4 views

PT-2025-21945 · Chatgpt · Chatgpt

Name of the Vulnerable Software and Affected Versions: ChatGPT system through 2025-03-30. Description: The issue allows HTML injection within most modern graphical web browsers due to the inline rendering of SVG documents. This is instead of rendering them as text inside a code block...

CVSS 6.5 · AI score 6.7 · EPSS 0.0038
Exploits: 1 · References: 8
RedhatCVE
added 2025/05/18 1:0 a.m. · 20 views

CVE-2024-51475

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1 · AI score 6.9 · EPSS 0.00219
Exploits: 0
NVD
added 2025/05/16 1:15 a.m. · 19 views

CVE-2024-51475

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1 · EPSS 0.00219
Exploits: 0 · References: 1
OSV
added 2025/05/16 1:15 a.m. · 4 views

CVE-2024-51475

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/05/16 12:54 a.m. · 14 views

Security Bulletin: IBM Content Navigator is vulnerable to HTML injection.

Summary: IBM Content Navigator has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2024-51475. DESCRIPTION: IBM Content Navigator is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web...

CVSS 6.1 · AI score 6.8 · EPSS 0.00219
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2025/05/16 12:44 a.m. · 11 views

CVE-2024-51475 IBM Content Navigator HTML injection

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 · AI score 5.6 · EPSS 0.00219
Exploits: 0 · References: 1
Cvelist
added 2025/05/16 12:44 a.m. · 27 views

CVE-2024-51475 IBM Content Navigator HTML injection

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 · EPSS 0.00219
Exploits: 0 · References: 1
CVE
added 2025/05/16 12:44 a.m. · 46 views

CVE-2024-51475

IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by HTML injection (CWE-80). The issue allows a remote attacker to inject HTML that executes in the victim’s browser within the hosting site’s context. According to the IBM security bulletin, fixed versions are 3.0.15 IF006, 3.1...

CVSS 6.1 · AI score 6.9 · EPSS 0.00219
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/05/16 12:0 a.m. · 4 views

PT-2025-21592 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.1.0. Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting sit...

CVSS 6.1 · AI score 6.1 · EPSS 0.00219
Exploits: 0 · References: 5
Snyk
added 2025/05/15 9:31 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: couleurcitron/tarteaucitron-wp is a Cookie manager WordPress plugin. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addition of HTML into a post/page. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into t...

CVSS 5.4 · AI score 5.3 · EPSS 0.00254
Exploits: 1 · References: 2
OSV
added 2025/05/15 8:15 p.m. · 3 views

CVE-2024-11718

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00254
Exploits: 1 · References: 1
Veracode
added 2025/05/15 12:29 p.m. · 7 views

HTML Injection

Umbraco Forms is vulnerable to HTML Injection. The vulnerability is due to lack of HTML encoding due to user-provided form values being directly embedded into emails without proper sanitization, enabling potential spoofing or bypass of email security systems...

CVSS 6.3 · AI score 6.7 · EPSS 0.00239
Exploits: 1 · References: 3 · Affected Software: 2
NVD
added 2025/05/14 10:15 p.m. · 9 views

CVE-2025-29689

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVSS 6.1 · EPSS 0.00228
Exploits: 1 · References: 1
NVD
added 2025/05/14 10:15 p.m. · 8 views

CVE-2025-29688

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

CVSS 6.1 · EPSS 0.00228
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/14 11:9 a.m. · 14 views

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.5 · AI score 6.8 · EPSS 0.00314
Exploits: 1 · References: 1