15775 matches found
📄 CMS Sense 2.0 Cross Site Scripting
CMS Sense version 2.0 suffers from a cross site scripting vulnerability. ================================================================================================================================== | Title : CMS sense v 2.0 HTML Injection Leading to XSS via Attribute Breakout | | Author :...
EUVD-2026-22096
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2026-33657
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...
CVE-2026-33657 EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...
EUVD-2026-22081
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...
CVE-2026-33657 EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...
CVE-2026-33657
CVE-2026-33657 affects EspoCRM up to version 9.3.3, where an stored HTML injection vulnerability allows an authenticated user with standard privileges to inject HTML into system-generated email notifications. Root cause: server-side Handlebars templates render the unescaped post field (triple-bra...
GHSA-VFFH-X6R8-XX99 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer
Impact Stored cross-site scripting XSS via crafted metric names in the Prometheus web UI: Old React UI + New Mantine UI: When a user hovers over a chart tooltip on the Graph page, metric names containing HTML/JavaScript are injected into innerHTML without escaping, causing arbitrary script...
EUVD-2026-21928
Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...
CVE-2026-31281
CVE-2026-31281 — Totara LMS HTML Injection : Totara LMS v19.1.5 and earlier is described as vulnerable to HTML injection via a message sent to users, enabling the attacker to execute HTML/JS in the victim’s browser and potentially causing session hijacking and command execution on the user’s devi...
PT-2026-32358
Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser...
Totara LMS 安全漏洞
Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities were caused by HTML injection, which could allow attackers to send malicious HTML code to all users, thereby hijacking...
Vtiger CRM 安全漏洞
Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability that stems from...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
CVE-2026-26460
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...
PT-2026-32521
Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0 Description An HTML Injection issue exists in the Dashboard module. The application fails to properly neutralize user-supplied input in the tabid parameter of the 'DashBoardTab' view 'getTabContents' action, allowing a...