15775 matches found

ATTACKERKB
added 2026/01/20 11:53 a.m., 3 views

CVE-2025-40679

HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...

5.1 CVSS, 5.4 AI score, 0.00262 EPSS
Exploits 0, References 2
CVE
added 2026/01/20 11:53 a.m., 12 views

CVE-2025-40679

CVE-2025-40679 describes an HTML injection in Isshue by Bdtask resulting from insufficient validation of the product_name input in a POST to /category_product_search (or variant paths in connected records). Affected component is the Isshue module of Bdtask software; root cause is improper input v...

5.1 CVSS, 5.5 AI score, 0.00262 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/20 12:0 a.m., 5 views

Bdtask Isshue Cross-Site Script Vulnerability

Bdtask Isshue is a multi-store e-commerce shopping cart software developed by Bdtask Inc. Bdtask Isshue has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of the productname parameter in POST requests sent to /categoryproductsearch, which may lead to...

5.1 CVSS, 5.7 AI score, 0.00262 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/20 12:0 a.m., 3 views

IBM Application Gateway security vulnerabilities

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines (IBM). It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

5.4 CVSS, 5.9 AI score, 0.00162 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/01/20 12:0 a.m., 5 views

PT-2026-3623

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 5.5 AI score, 0.00162 EPSS
Exploits 0, References 2
Cvelist
added 2026/01/20 12:0 a.m., 15 views

CVE-2025-67824

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when t...

0.0021 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/01/20 12:0 a.m., 5 views

PT-2026-3552

HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/category product search', affecting the 'product name' parameter...

5.1 CVSS, 5.5 AI score, 0.00262 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/01/20 12:0 a.m., 6 views

PT-2026-3554

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter...

5.1 CVSS, 5.5 AI score, 0.00262 EPSS
Exploits 0, References 2
Veracode
added 2026/01/19 9:27 a.m., 6 views

Cross-site Scripting (XSS)

opencode-ai is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of LLM-generated markdown that allows arbitrary HTML and JavaScript to be injected into the DOM, which allows an attacker to execute malicious scripts in the local web interface origin...

9.4 CVSS, 5.8 AI score, 0.00914 EPSS
Exploits 1, References 3, Affected Software 1
Positive Technologies
added 2026/01/19 12:0 a.m., 8 views

PT-2026-3464

Name of the Vulnerable Software and Affected Versions: OpenProject versions 16.3.0 through 16.6.4. Description: OpenProject is a web-based project management software. A stored cross-site scripting issue exists in the Roadmap view. The issue occurs when a version contains work packages from a...

8.7 CVSS, 4.8 AI score, 0.00207 EPSS
Exploits 0, References 11
CNVD
added 2026/01/19 12:0 a.m., 4 views

WordPress Kunze Law plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4 CVSS, 6 AI score, 0.00237 EPSS
Exploits 0, References 1
Debian CVE
added 2026/01/16 12:0 a.m., 11 views

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...

7.2 CVSS, 5.3 AI score, 0.00378 EPSS
Exploits 0
NVD
added 2026/01/15 4:16 p.m., 5 views

CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

6.1 CVSS, 0.0032 EPSS
Exploits 1, References 4
OSV
added 2026/01/15 4:16 p.m., 3 views

CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

5.3 CVSS, 6 AI score
Exploits 0, References 4
EUVD
added 2026/01/15 3:52 p.m., 3 views

EUVD-2026-2765

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

6.1 CVSS, 6.8 AI score, 0.0032 EPSS
Exploits 1, References 6
Vulnrichment
added 2026/01/15 3:52 p.m., 1 views

CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

6.1 CVSS, 6.9 AI score, 0.0032 EPSS
Exploits 1, References 4
ATTACKERKB
added 2026/01/15 3:52 p.m., 2 views

CVE-2021-47768

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

6.1 CVSS, 5.7 AI score, 0.0032 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2026/01/15 3:52 p.m., 9 views

CVE-2021-47768

The CVE-2021-47768 entry concerns ImportExportTools NG 10.0.4, where a persistent HTML injection flaw exists in the email export module. The vulnerability allows remote attackers to inject malicious HTML payloads by crafting HTML in the subject line, which can execute during HTML export and poten...

6.1 CVSS, 6.9 AI score, 0.0032 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/01/15 3:52 p.m., 22 views

CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

6.1 CVSS, 0.0032 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3044

Name of the Vulnerable Software and Affected Versions: ImportExportTools NG version 10.0.4. Description: ImportExportTools NG has a persistent HTML injection issue in the email export module. Remote attackers can inject malicious HTML payloads. Attackers can send emails with crafted HTML in the...

6.1 CVSS, 5.9 AI score, 0.0032 EPSS
Exploits 1, References 8