15796 matches found

Cvelist
added 2025/05/14 12:0 a.m. · 12 views

CVE-2025-29688

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

0.00228 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/14 12:0 a.m. · 7 views

CVE-2025-29686

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

5.6 AI score · 0.00228 EPSS
Exploits: 1 · References: 1
OSV
added 2025/05/13 8:17 p.m. · 7 views

GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

6.3 CVSS · 6.6 AI score · 0.00239 EPSS
Exploits: 1 · References: 3
Github Security Blog
added 2025/05/13 8:17 p.m. · 16 views

Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

6.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits: 1 · References: 3 · Affected Software: 2
Cvelist
added 2025/05/13 5:6 p.m. · 16 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 0.00239 EPSS
Exploits: 1 · References: 1
OSV
added 2025/05/13 5:6 p.m. · 5 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.4 AI score · 0.00239 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/05/13 5:6 p.m. · 8 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/05/13 12:0 a.m. · 1 views

Park Ticketing Management System foreigner-search.php File HTML Injection Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System has an HTML injection vulnerability that stems from improper handling of the searchdata parameter in the foreigner-search.php file. No details of the vulnerability are available at this time...

5.3 CVSS · 7.2 AI score · 0.00283 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/05/13 12:0 a.m. · 1 views

Park Ticketing Management System normal-bwdates-reports-details.php file HTML injection vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from improper handling of the fromdate and todate parameters in the normal-bwdates-reports-details.php file. No details of the...

5.3 CVSS · 7.2 AI score · 0.00283 EPSS
Exploits: 1 · References: 1
NVD
added 2025/05/12 11:15 a.m. · 27 views

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

8.5 CVSS · 0.00314 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/05/12 10:30 a.m. · 13 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

8.4 CVSS · 6.5 AI score · 0.00314 EPSS
Exploits: 1 · References: 2
Cvelist
added 2025/05/12 10:30 a.m. · 27 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

8.4 CVSS · 0.00314 EPSS
Exploits: 1 · References: 2
CVE
added 2025/05/12 10:30 a.m. · 62 views

CVE-2025-32390

EspoCRM prior to version 9.0.8 is affected by HTML Injection in Knowledge Base articles. The issue arises from overly permissive HTML editing on KB articles, allowing an authenticated user with read KB privilege to inject content that can deface a page and capture submitted credentials in plainte...

8.5 CVSS · 6.5 AI score · 0.00314 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2025/05/12 10:30 a.m. · 8 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

8.4 CVSS · 6.7 AI score · 0.00314 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/05/12 12:0 a.m. · 8 views

PT-2025-20690 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.8. Description: The issue allows for HTML Injection in Knowledge Base (KB) articles, leading to complete page defacement that can imitate the login page. Authenticated users with the read knowledge article privilege...

8.5 CVSS · 6.3 AI score · 0.00314 EPSS
Exploits: 1 · References: 9
RedhatCVE
added 2025/05/10 12:21 a.m. · 18 views

CVE-2023-51295

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

6.5 CVSS · 7 AI score · 0.00316 EPSS
Exploits: 2 · References: 4
RedhatCVE
added 2025/05/09 6:8 p.m. · 6 views

CVE-2025-20216

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An...

4.7 CVSS · 6.6 AI score · 0.00279 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/09 12:28 a.m. · 9 views

CVE-2025-29154

HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacaotreinamento/, .galera.app/rh/metas/perspectivaestrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/,...

6.5 CVSS · 7.9 AI score · 0.00421 EPSS
Exploits: 0 · References: 1
NVD
added 2025/05/08 4:15 p.m. · 13 views

CVE-2023-51295

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

6.5 CVSS · 0.00316 EPSS
Exploits: 2 · References: 3
OSV
added 2025/05/08 4:15 p.m. · 4 views

CVE-2023-51295

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

6.5 CVSS · 5.8 AI score · 0.00316 EPSS
Exploits: 2 · References: 3