15776 matches found

RedhatCVE
added 2026/01/09 8:35 a.m., 7 views

CVE-2024-34697

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

CVSS 7.6, AI score 7.2, EPSS 0.00575
Exploits: 1, References: 1

SUSE CVE
added 2026/01/09 12:23 a.m., 4 views

SUSE CVE-2026-22028

Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

CVSS 9.2, AI score 6.7, EPSS 0.00227
Exploits: 1, References: 3

CNVD
added 2026/01/09 12:0 a.m., 4 views

Google Chrome Insufficient Policy Enforcement Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an Insufficient Policy Enforcement vulnerability, which stems from a failure to strictly enforce established security policy constraints when handling WebView tags, resulting in some high-privilege pages not being...

CVSS 8.8, AI score 6, EPSS 0.06545
Exploits: 2, References: 1

RedhatCVE
added 2026/01/08 5:22 p.m., 6 views

CVE-2026-22028

A flaw was found in Preact, a lightweight web development framework. A security regression allows an attacker to bypass JSON serialization protection, leading to HTML injection. This vulnerability arises when applications process unsanitized data from external sources, allowing malicious JSON to ...

CVSS 9.2, AI score 6.5, EPSS 0.00227
Exploits: 1, References: 4

NVD
added 2026/01/08 3:15 p.m., 5 views

CVE-2026-22028

Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

CVSS 9.2, EPSS 0.00227
Exploits: 1, References: 1

OSV
added 2026/01/08 3:15 p.m., 3 views

UBUNTU-CVE-2026-22028

Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

CVSS 9.2, AI score 6.1, EPSS 0.00227
Exploits: 1, References: 3

NVD
added 2026/01/08 12:15 a.m., 3 views

CVE-2019-25280

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...

CVSS 6.1, EPSS 0.00238
Exploits: 1, References: 5

CNNVD
added 2026/01/08 12:0 a.m., 5 views

Yahei-PHP Prober Cross-Site Scripting Vulnerability

Yahei-PHP Prober is a PHP environment checking script by an individual developer in Zhou, China. A cross-site scripting vulnerability exists in Yahei-PHP Prober version 0.4.7, which stems from unvalidated input of the speed parameter in the prober.php file, which could lead to an HTML injection...

CVSS 6.1, AI score 6.3, EPSS 0.00238
Exploits: 1, References: 6

Tenable Nessus
added 2026/01/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A...

CVSS 9.2, AI score 5.8, EPSS 0.00227
Exploits: 1, References: 2

CVE
added 2026/01/07 11:11 p.m., 8 views

CVE-2019-25280

Yahei-PHP Prober 0.4.7 contains a remote HTML injection (XSS) in the speed parameter of prober.php. The vulnerability arises from unvalidated input in the speed GET parameter, allowing an attacker to inject arbitrary HTML that can execute in a user’s browser. Affected software: Yahei-PHP Prober, ...

CVSS 6.1, AI score 6.6, EPSS 0.00238
Exploits: 1, References: 5

Cvelist
added 2026/01/07 11:11 p.m., 28 views

CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...

CVSS 6.1, EPSS 0.00238
Exploits: 1, References: 5

OSV
added 2026/01/07 7:28 p.m., 1 views

GHSA-36HM-QXXP-PG3M Preact has JSON VNode Injection issue

Impact Vulnerability Type: HTML Injection via JSON Type Confusion Affected Versions: Preact 10.26.5 through 10.28.1 Severity: Low to Medium see below Who is Impacted? Applications using affected Preact versions are vulnerable if they meet all of the following conditions: 1. Pass unmodified,...

CVSS 9.2, AI score 6.2, EPSS 0.00227
Exploits: 1, References: 3

Github Security Blog
added 2026/01/07 7:28 p.m., 17 views

Preact has JSON VNode Injection issue

Impact Vulnerability Type: HTML Injection via JSON Type Confusion Affected Versions: Preact 10.26.5 through 10.28.1 Severity: Low to Medium see below Who is Impacted? Applications using affected Preact versions are vulnerable if they meet all of the following conditions: 1. Pass unmodified,...

CVSS 9.2, AI score 6.8, EPSS 0.00227
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/07 9:34 a.m., 9 views

CVE-2019-7331

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" monitor.php. There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack...

CVSS 6.1, AI score 5.4, EPSS 0.009
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16268

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...

CVSS 4.8, AI score 7.2, EPSS 0.0181
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 7 views

CVE-2019-16178

A stored cross-site scripting XSS vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page...

CVSS 5.4, AI score 5.1, EPSS 0.00697
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 7 views

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket...

CVSS 5.4, AI score 7, EPSS 0.01327
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:21 a.m., 7 views

CVE-2006-3025

Cross-site scripting XSS vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVSS 6.8, AI score 5.8, EPSS 0.01143
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:13 a.m., 7 views

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...

CVSS 5.4, AI score 6.2, EPSS 0.00377
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:10 a.m., 6 views

CVE-2019-12834

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...

CVSS 7.3, AI score 6.8, EPSS 0.00865
Exploits: 1, References: 1