
15778 matches found

RedhatCVE
added 2026/01/07 9:13 a.m. | 7 views

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...

CVSS 5.4 | AI score 6.2 | EPSS 0.00377
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:10 a.m. | 6 views

CVE-2019-12834

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...

CVSS 7.3 | AI score 6.8 | EPSS 0.00865
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:9 a.m. | 13 views

CVE-2024-2848

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into th...

CVSS 7.5 | AI score 6.6 | EPSS 0.00657
Exploits 0 | References 1
Positive Technologies
added 2026/01/07 12:0 a.m. | 7 views

PT-2026-2136

Name of the Vulnerable Software and Affected Versions: Preact versions 10.26.5 through 10.26.9; Preact versions 10.27.0 through 10.27.2; Preact versions 10.28.0 through 10.28.1. Description: Preact, a lightweight web development framework, has an issue with JSON serialization protection. A regression...

CVSS 9.2 | AI score 6.6 | EPSS 0.00227
Exploits 1 | References 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-1678

Name of the Vulnerable Software and Affected Versions: Yahei-PHP Prober version 0.4.7. Description: The software contains a remote HTML injection issue that enables attackers to execute arbitrary HTML code. This is achieved by injecting malicious HTML code into the speed GET parameter of the...

CVSS 6.1 | AI score 6.8 | EPSS 0.00238
Exploits 1 | References 8
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-29241

Name of the Vulnerable Software and Affected Versions: DNSdist, affected versions not specified. Description: An attacker may be able to inject HTML content into the internal web dashboard by sending specially crafted DNS queries to a DNSdist instance. This is possible when domain-based dynamic rules...

CVSS 8.2 | AI score 5.8 | EPSS 0.01028
Exploits 0 | References 26
Cvelist
added 2025/12/31 6:40 p.m. | 21 views

CVE-2021-47725 STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

CVSS 5.4 | EPSS 0.00182
Exploits 1 | References 6
RedhatCVE
added 2025/12/31 12:2 a.m. | 26 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVSS 5.4 | AI score 7.1 | EPSS 0.00159
Exploits 1 | References 1
EUVD
added 2025/12/30 9:30 p.m. | 4 views

EUVD-2025-205848

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

AI score 6.5 | EPSS 0.00159
Exploits 1 | References 3
NVD
added 2025/12/30 8:16 p.m. | 5 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVSS 5.4 | EPSS 0.00159
Exploits 1 | References 2
OSV
added 2025/12/30 8:16 p.m. | 3 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVSS 5.4 | AI score 5.9 | EPSS 0.00159
Exploits 1 | References 2
Positive Technologies
added 2025/12/30 12:0 a.m. | 6 views

PT-2025-54221

Name of the Vulnerable Software and Affected Versions: TrueConf versions 5.5.2.10813. Description: A flaw exists in TrueConf server version 5.5.2.10813 that allows for the injection of arbitrary HTML code through the conference description field. This issue is present in the Create/Edit conference...

CVSS 5.4 | AI score 7.1 | EPSS 0.00159
Exploits 1 | References 6
Vulnrichment
added 2025/12/30 12:0 a.m. | 3 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

AI score 6.7 | EPSS 0.00159
Exploits 1 | References 2
RedhatCVE
added 2025/12/27 2:46 p.m. | 7 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 6.6 | EPSS 0.00166
Exploits 0 | References 1
NVD
added 2025/12/27 1:15 a.m. | 7 views

CVE-2025-68927

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

CVSS 8.6 | EPSS 0.00193
Exploits 1 | References 2
Cvelist
added 2025/12/27 12:4 a.m. | 20 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

CVSS 8.6 | EPSS 0.00193
Exploits 1 | References 2
CVE
added 2025/12/27 12:4 a.m. | 16 views

CVE-2025-68927

Libredesk prior to version 0.8.6-beta is vulnerable to stored HTML injection in the contact notes feature. Notes added via POST /api/v1/contacts/{id}/notes are wrapped in tags; removing the wrapper in transit allows attackers to inject arbitrary HTML (e.g., forms, images) that is stored and rend...

CVSS 8.6 | AI score 6.6 | EPSS 0.00193
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2025/12/27 12:0 a.m. | 3 views

Libredesk Cross-Site Scripting Vulnerability

Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...

CVSS 8.6 | AI score 5.9 | EPSS 0.00193
Exploits 1 | References 3
Positive Technologies
added 2025/12/27 12:0 a.m. | 6 views

PT-2025-53612

Name of the Vulnerable Software and Affected Versions: Libredesk versions prior to 0.8.6-beta. Description: Libredesk is a self-hosted customer support desk application. A stored HTML injection issue exists in the contact notes feature. When adding notes through the POST /api/v1/contacts/id/notes...

CVSS 8.6 | AI score 6.7 | EPSS 0.00193
Exploits 1 | References 6
OSV
added 2025/12/26 3:15 p.m. | 3 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1