15781 matches found
EUVD-2025-204259
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...
CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
EUVD-2025-204261
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891
The CVE-2025-40891 issue affects Nozomi Networks Guardian/CMC Time Machine Snapshot Diff functionality. An unauthenticated attacker can send crafted network packets at two different times to inject HTML into asset attributes across two snapshots. When a user interacts with the affected snapshots ...
BIT-GITLAB-2025-8405 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...
BIT-GITLAB-2025-12734 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into...
BIT-KIBANA-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
EUVD-2023-60215
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
PT-2025-52219
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
PT-2025-52306
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A flaw exists in Kentico Xperience that permits the injection of malicious HTML into form submission emails. This occurs because form fields are not properly encoded, allowing...
HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
Summary A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset...
HTML injection in Asset List in Guardian/CMC before 25.5.0
Summary A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affecte...
PT-2025-52221
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...
Nozomi Networks Guardian 跨站脚本漏洞
Nozomi Networks Guardian is a protection software from Nozomi Networks, Inc. Nozomi Networks Guardian suffers from a cross-site scripting vulnerability that stems from improper validation of network traffic data, which could lead to HTML injection attacks...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
GHSA-WH6M-H6F4-RJF4 Libredesk has Improper Neutralization of HTML Tags in a Web Page
Summary LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...