15775 matches found
CVE-2025-67849
CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...
CVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902 HTML injection in NICE Chat
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902 HTML injection in NICE Chat
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
EUVD-2025-206732
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
Tenda AC7 跨站脚本漏洞
The Tenda AC7 is a wireless router produced by the Chinese company Tenda. Versions of the Tenda AC7 such as V03.03.03.01cn and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper encoding in the web management interface, which could allow the injection...
NICE Chat 跨站脚本漏洞
NICE Chat is a web chat tool developed by NICE Chat Corporation. NICE Chat has a cross-site scripting vulnerability, which stems from HTML injection. This vulnerability may lead to phishing attacks, identity impersonation, or credential theft...
PT-2026-5927
Name of the Vulnerable Software and Affected Versions NICE Chat affected versions not specified Description An HTML injection issue exists in NICE Chat. The issue allows an attacker to inject and display arbitrary HTML content within email transcripts. This is achieved by manipulating the firstNa...
PT-2026-5959
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle due to improper sanitization of AI prompt responses. This allows attackers to inject malicious HTML or script into web pages. Successful exploitation could lead to...
PT-2026-6189
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The software contains an improper output encoding issue in the web management interface. User-supplied input is reflected in HTTP responses without sufficient escaping,...
CVE-2025-6591 HTML injection in API action=feedcontributions output from i18n message
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6591 HTML injection in API action=feedcontributions output from i18n message
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6591
CVE-2025-6591 affects Wikimedia Foundation MediaWiki, specifically the ApiFeedContributions.Php program file. The vulnerability enables HTML injection in the API output (action=feedcontributions) and affects MediaWiki releases listed as vulnerable before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. Red H...
SUSE CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
Linux Distros Unpatched Vulnerability : CVE-2025-45160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintaine...
DEBIAN-CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...