
15781 matches found

NVD
added 2025/12/19 8:15 p.m., 3 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

CVSS: 4.7; EPSS: 0.00278; Exploits: 0; References: 2
Cvelist
added 2025/12/19 8:5 p.m., 23 views

CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

CVSS: 4.7; EPSS: 0.00278; Exploits: 0; References: 1
Vulnrichment
added 2025/12/19 8:5 p.m., 6 views

CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

CVSS: 4.7; AI score: 6.8; EPSS: 0.00278; Exploits: 0; References: 1
CVE
added 2025/12/19 8:5 p.m., 17 views

CVE-2025-67712

CVE-2025-67712 is an HTML injection issue affecting Esri ArcGIS Web AppBuilder developer edition before 2.30. The vulnerability could allow a remote, unauthenticated attacker to entice a user to click a link that causes arbitrary HTML to render in the victim’s browser; there is no evidence of Jav...

CVSS: 4.7; AI score: 6.8; EPSS: 0.00278; Exploits: 0; References: 2
Snyk
added 2025/12/19 5:43 p.m., 3 views

Cross-site Scripting (XSS)

Overview: orejime is a lightweight and accessible consent manager. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the process that transforms data-href attributes into href attributes. An attacker can execute arbitrary JavaScript code by injecting malicious HTML...

CVSS: 6.3; AI score: 5.3; EPSS: 0.00183; Exploits: 0; References: 2
RedhatCVE
added 2025/12/19 2:9 p.m., 2 views

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...

CVSS: 6.1; AI score: 6; EPSS: 0.0016; Exploits: 0; References: 1
RedhatCVE
added 2025/12/19 2:9 p.m., 4 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

CVSS: 4.7; AI score: 6.5; EPSS: 0.00143; Exploits: 0; References: 1
EUVD
added 2025/12/19 3:31 a.m., 4 views

EUVD-2025-204425

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVSS: 6.4; AI score: 6; EPSS: 0.00493; Exploits: 1; References: 6
Positive Technologies
added 2025/12/19 12:0 a.m., 2 views

PT-2025-52514

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30. Description: An HTML injection issue exists in Esri ArcGIS Web AppBuilder developer edition that could allow a remote, unauthenticated attacker to cause arbitrary HTML to rende...

CVSS: 4.7; AI score: 7; EPSS: 0.00278; Exploits: 0; References: 4
CNNVD
added 2025/12/19 12:0 a.m., 2 views

Esri ArcGIS Web AppBuilder cross-site scripting vulnerability

Esri ArcGIS Web AppBuilder is a web application builder tool from Esri Corporation, USA. A cross-site scripting vulnerability exists in Esri ArcGIS Web AppBuilder developer edition prior to version 2.30, which originates from HTML injection and could lead to arbitrary HTML rendering...

CVSS: 4.7; AI score: 6.3; EPSS: 0.00278; Exploits: 0; References: 1
OSV
added 2025/12/18 8:15 p.m., 2 views

CVE-2022-50684

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

CVSS: 6.1; AI score: 5.9; EPSS: 0.00165; Exploits: 0; References: 2
NVD
added 2025/12/18 8:15 p.m., 5 views

CVE-2022-50684

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

CVSS: 6.1; EPSS: 0.00165; Exploits: 0; References: 2
IBM Security Bulletins
added 2025/12/18 8:0 p.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary: Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2. Vulnerability Details: CVEID: CVE-2025-36228. DESCRIPTION: IBM Aspera Faspex 5 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled,...

CVSS: 5.4; AI score: 6.2; EPSS: 0.00219; Exploits: 0; Affected Software: 6
Vulnrichment
added 2025/12/18 7:53 p.m., 3 views

CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

CVSS: 6.1; AI score: 6.8; EPSS: 0.00165; Exploits: 0; References: 2
Cvelist
added 2025/12/18 7:53 p.m., 22 views

CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

CVSS: 6.1; EPSS: 0.00165; Exploits: 0; References: 2
CVE
added 2025/12/18 7:53 p.m., 8 views

CVE-2022-50684

Summary of CVE-2022-50684 (Kentico Xperience HTML injection): An HTML injection vulnerability affects Kentico Xperience through unencoded form fields used in form submission emails. The underlying issue is lack of proper filtering/escaping of user-supplied data, allowing injected HTML content to b...

CVSS: 6.1; AI score: 6.8; EPSS: 0.00165; Exploits: 0; References: 2; Affected Software: 1
OSV
added 2025/12/18 2:15 p.m., 3 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

CVSS: 4.7; AI score: 5.7; EPSS: 0.00143; Exploits: 0; References: 1
NVD
added 2025/12/18 2:15 p.m., 2 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

CVSS: 4.7; EPSS: 0.00143; Exploits: 0; References: 2
NVD
added 2025/12/18 2:15 p.m., 5 views

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...

CVSS: 6.1; EPSS: 0.0016; Exploits: 0; References: 2
Cvelist
added 2025/12/18 1:17 p.m., 21 views

CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...

CVSS: 6.1; EPSS: 0.0016; Exploits: 0; References: 1