15798 matches found
CVE-2025-45011
CVE-2025-45011 : HTML Injection vulnerability in PHPGurukul Park Ticketing Management System v2.0’s /foreigner-search.php (parameter: searchdata). Root cause: improper handling of searchdata input leading to HTML injection and potential code execution. Affected component: foreigner-search.php in ...
PT-2025-18258 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS, affected versions not specified. Description: A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrar...
CVE-2025-45010
CVE-2025-45010 affects PHPGurukul Park Ticketing Management System v2.0 in the normal-bwdates-reports-details.php endpoint. The issue is HTML injection via the POST parameters fromdate and todate, enabling potential arbitrary code execution. No official fix/version is documented in the provided s...
PT-2025-18281 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0. Description: A HTML Injection issue was discovered in the normal-search.php file, allowing remote attackers to execute arbitrary code via the searchdata parameter. This enables attackers...
CVE-2025-45009
CVE-2025-45009 affects PHPGurukul Park Ticketing Management System v2.0. The vulnerability is HTML Injection in normal-search.php via the searchdata parameter, enabling remote attacker-controlled HTML output and potential code execution. Root cause: mishandling of the searchdata input. Impact per...
PHPGurukul Park Ticketing Management System Security Vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from improper handling of the fromdate and todate parameters in the normal-bwdates-reports-details.php file. No details of the...
CVE-2025-45009
A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter...
PT-2025-18282 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0. Description: A HTML Injection issue was discovered in the normal-bwdates-reports-details.php file. This issue allows remote attackers to execute arbitrary code via the fromdate and todat...
PT-2025-18283 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0. Description: A HTML Injection issue was discovered in the foreigner-search.php file, allowing remote attackers to execute arbitrary code via the searchdata POST request parameter in the...
Bosch Rexroth ctrlX OS Security Vulnerability
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that stems from mishandling of error notification messages, which cou...
CVE-2025-45011
A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2023-43378
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter...
CVE-2023-43378
CVE-2023-43378 corresponds to an XSS vulnerability in Hoteldruid v3.0.5, exploitable via a crafted payload in the commento1_1 parameter. The CVE entry indicates attackers can execute arbitrary web scripts or HTML in victims’ browsers. The associated metrics show a CVSS v3.1 base score of 6.1 (MED...
HTML Injection
verbb/formie is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of HTML content in the email notification preview feature, allows an attacker to inject malicious HTML content into the email notification preview...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Homepage Content argument in the system setting handler. An attacker can alter the display of web pages or redirect users to malicious websites by injecting arbitrary web script o...
CVE-2024-41447
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...