
15775 matches found

OSV
added 2026/01/29 6:16 p.m. | 3 views

UBUNTU-CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

CVSS 5.4 | AI score 5.9 | EPSS 0.002
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/29 12:0 a.m. | 3 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

AI score 5.4 | EPSS 0.002
Exploits: 1 | References: 2

Cvelist
added 2026/01/29 12:0 a.m. | 29 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

EPSS 0.002
Exploits: 1 | References: 2

CVE
added 2026/01/29 12:0 a.m. | 42 views

CVE-2025-45160

Cacti ≤ 1.2.29 is affected by a HTML injection in the file-upload flow. The issue arises when a file with an invalid format is uploaded: the submitted filename is echoed back in an error popup without sanitization, enabling injection of HTML elements (e.g., , , ) into the rendered page. Some sour...

CVSS 5.4 | AI score 5.4 | EPSS 0.002
Exploits: 1 | References: 2

ATTACKERKB
added 2026/01/29 12:0 a.m. | 4 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti = 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements...

CVSS 5.4 | AI score 5.4 | EPSS 0.002
Exploits: 1 | References: 3

EUVD
added 2026/01/29 12:0 a.m. | 3 views

EUVD-2025-206538

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page...

CVSS 5.4 | AI score 6 | EPSS 0.002
Exploits: 1 | References: 2

Debian CVE
added 2026/01/29 12:0 a.m. | 3 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

CVSS 5.4 | AI score 5.6 | EPSS 0.002
Exploits: 1

Cvelist
added 2026/01/22 2:37 a.m. | 19 views

CVE-2026-24010 Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover

Horilla is a free and open source Human Resource Management System HRMS. A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HTML file disguised as a profile picture, an attacker...

CVSS 8.8 | EPSS 0.0042
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/22 2:37 a.m. | 3 views

CVE-2026-24010 Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover

Horilla is a free and open source Human Resource Management System HRMS. A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HTML file disguised as a profile picture, an attacker...

CVSS 8.8 | AI score 5.7 | EPSS 0.0042
Exploits: 1 | References: 2

CVE
added 2026/01/22 2:37 a.m. | 12 views

CVE-2026-24010

Horilla HRMS is affected by a critical HTML file upload vulnerability (pre-1.5.0) that, aided by social engineering, allows an authenticated user to upload a malicious HTML file disguised as a profile picture. When a victim visits the file URL, they are shown a convincing Session Expired/login pr...

CVSS 8.8 | AI score 8 | EPSS 0.0042
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/01/22 2:37 a.m. | 7 views

CVE-2026-24010 Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover

Horilla is a free and open source Human Resource Management System HRMS. A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HTML file disguised as a profile picture, an attacker...

CVSS 8.8 | AI score 5.7 | EPSS 0.0042
Exploits: 1 | References: 4

OSV
added 2026/01/22 2:15 a.m. | 3 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6 | AI score 6 | EPSS 0.00237
Exploits: 0 | References: 1

NVD
added 2026/01/22 2:15 a.m. | 4 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6 | EPSS 0.00237
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/22 1:28 a.m. | 3 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/22 1:28 a.m. | 21 views

CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6 | EPSS 0.00237
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/22 1:28 a.m. | 2 views

CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6 | AI score 5.9 | EPSS 0.00237
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 8 views

PT-2026-7943

Name of the Vulnerable Software and Affected Versions: Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6. Description: A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

CVSS 5.1 | AI score 5.5 | EPSS 0.00253
Exploits: 1 | References: 10

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-3896

Name of the Vulnerable Software and Affected Versions: Altium Enterprise Server AES version 7.0.3. Description: An authenticated attacker can execute arbitrary JavaScript in a victim’s browser through crafted HTML content within the Project Release feature. This impacts all platforms. Recommendation...

CVSS 7.6 | AI score 6 | EPSS 0.00237
Exploits: 0 | References: 8

CNNVD
added 2026/01/22 12:0 a.m. | 5 views

Altium Enterprise Server security vulnerabilities

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from HTML injection in Project Release, which may allow arbitrary JavaScrip...

CVSS 7.6 | AI score 6 | EPSS 0.00237
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/21 10:51 p.m. | 3 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 4 | Affected Software: 1