CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
CVE-2025-43714
The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...
OpenAI ChatGPT Security Vulnerability
OpenAI ChatGPT is a text-based artificial intelligence assistant from OpenAI, Inc. Interaction takes place in the form of a dialog. A security vulnerability exists in OpenAI ChatGPT versions 2025-03-30 and earlier, which stems from improper inline rendering of SVG documents and could lead to HTML...
PT-2025-21945 · Chatgpt · Chatgpt
Name of the Vulnerable Software and Affected Versions: ChatGPT system through 2025-03-30. Description: The issue allows HTML injection within most modern graphical web browsers due to the inline rendering of SVG documents. This is instead of rendering them as text inside a code block...
CVE-2024-51475
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Security Bulletin: IBM Content Navigator is vulnerable to HTML injection.
Summary: IBM Content Navigator has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2024-51475. DESCRIPTION: IBM Content Navigator is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web...
CVE-2024-51475 IBM Content Navigator HTML injection
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2024-51475
IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by HTML injection (CWE-80). The issue allows a remote attacker to inject HTML that executes in the victim’s browser within the hosting site’s context. According to the IBM security bulletin, fixed versions are 3.0.15 IF006, 3.1...
PT-2025-21592 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.1.0. Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting sit...
Cross-site Scripting (XSS)
Overview: couleurcitron/tarteaucitron-wp is a cookie manager WordPress plugin. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addition of HTML into a post/page. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into t...
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
HTML Injection
Umbraco Forms is vulnerable to HTML Injection. The vulnerability is due to lack of HTML encoding due to user-provided form values being directly embedded into emails without proper sanitization, enabling potential spoofing or bypass of email security systems...
CVE-2025-29689
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...
CVE-2025-29688
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
CVE-2025-32390
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...