15775 matches found
CVE-2026-35466
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...
CVE-2026-35466 Stored XSS via unsanitized input from remote service
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...
CVE-2026-33978
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...
EUVD-2026-18152
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
CVE-2026-29136 CA Notification HTML Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
CVE-2026-29136
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
CVE-2026-29136 CA Notification HTML Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
PT-2026-29700
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
CVE-2025-66486
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-66486
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-66486
IBM Aspera Shares versions 1.9.9–1.11.0 are vulnerable to HTML injection, enabling a remote attacker to inject HTML that runs in the victim’s browser within the site’s security context. The issue affects IBM Aspera Shares web application components and is addressed by upgrading to version 1.11.1 ...
CVE-2025-66486 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2026-32243
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...
EUVD-2026-17658
AVideo: Reflected XSS via Unescaped ip Parameter in UserLocation testIP.php...
PT-2026-29644
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
IBM Aspera Shares 安全漏洞
IBM Aspera Shares is a web application developed by IBM. Versions 1.9.9 to 1.11.0 of IBM Aspera Shares contain security vulnerabilities. These vulnerabilities are due to susceptibility to HTML injection attacks, which could allow remote attackers to inject malicious HTML code and execute it in th...
Linux Distros Unpatched Vulnerability : CVE-2026-0396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic...
SUSE CVE-2026-0396
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
CVE-2026-34716 AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...
CVE-2026-32243
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...