15796 matches found
CVE-2025-29688
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
CVE-2025-29686
A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...
GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
Park Ticketing Management System foreigner-search.php File HTML Injection Vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System has an HTML injection vulnerability that stems from improper handling of the searchdata parameter in the foreigner-search.php file. No details of the vulnerability are available at this time...
Park Ticketing Management System normal-bwdates-reports-details.php file HTML injection vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from improper handling of the fromdate and todate parameters in the normal-bwdates-reports-details.php file. No details of the...
CVE-2025-32390
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base KB articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...
CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base KB articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...
CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base KB articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...
CVE-2025-32390
EspoCRM prior to version 9.0.8 is affected by HTML Injection in Knowledge Base articles. The issue arises from overly permissive HTML editing on KB articles, allowing an authenticated user with read KB privilege to inject content that can deface a page and capture submitted credentials in plainte...
CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base KB articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...
PT-2025-20690 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.8 Description: The issue allows for HTML Injection in Knowledge Base KB articles, leading to complete page defacement that can imitate the login page. Authenticated users with the read knowledge article privilege...
CVE-2023-51295
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...
CVE-2025-20216
A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An...
CVE-2025-29154
HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacaotreinamento/, .galera.app/rh/metas/perspectivaestrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/,...
CVE-2023-51295
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...
CVE-2023-51295
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...