450 matches found
PT-2025-39244
Name of the Vulnerable Software and Affected Versions Schema & Structured Data for WP & AMP versions prior to 1.50 Description The software does not properly handle HTML tag attribute modifications, which allows for unauthenticated attackers to conduct Stored Cross-Site Scripting XSS attacks via...
Cross-site Scripting (XSS)
Overview ammonia is a whitelist-based HTML sanitization library. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the cleaning process when handling embedded svg or math tags. An attacker can execute arbitrary scripts in the context of the affected application by...
CVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the policyname parameter not being cleaned of...
Linux Distros Unpatched Vulnerability : CVE-2024-53986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
PT-2025-26606
Name of the Vulnerable Software and Affected Versions Zimbra Collaboration ZCS versions 8.8.15, 9.0, 10.0 and 10.1 Description A Cross-Site Scripting XSS issue exists in the Zimbra Classic UI due to insufficient sanitization of HTML content. This allows attackers to execute arbitrary JavaScript...
CLSA-2025-1749505823 gcc: Fix of CVE-2020-11023
CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...
CVE-2025-32015
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...
CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...
CVE-2025-32015
FreshRSS before version 1.26.2 is affected by an XSS in the iframe srcdoc sanitization, allowing an attacker to load UserJS via a script src if they control a victim feed and have a user account. The attacker could access the victim’s account; if the victim is an admin, they could delete users or...
PT-2025-23853 · Freshrss · Freshrss
Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: The issue is related to improper HTML sanitization inside the attribute, leading to cross-site scripting XSS by loading an attacker's UserJS inside . To execute the attack, the attacker needs to...
BIT-MOODLE-2024-34006 moodle: unsanitized HTML in site log for config_log_created
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...
CVE-2024-20462
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...
CVE-2024-23635
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
CVE-2024-45031
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...
CVE-2024-56510
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...