536 matches found
RHEL 8 : tbb (RHSA-2025:1217)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1217 advisory. Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance...
CVE-2025-22402
Dell Update Manager Plugin, versions 1.5.0 through 1.6.0, contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...
Dell Update Manager Plugin security vulnerability
Dell Update Manager Plugin is an update management plugin from Dell USA. The Dell Update Manager Plugin suffers from a cross-site scripting vulnerability that originates from improperly neutralized HTML tags, which can be exploited by an attacker to cause information disclosure...
The vulnerability of the IBM Control Center’s process monitoring and control system lies in its failure to remove script-related HTML tags from web pages. This allows attackers to execute arbitrary code or gain access to confidential information.
The vulnerability of the IBM Control Center’s process monitoring and control system lies in the lack of measures taken to eliminate script-related HTML tags on web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain access to confidential information...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added...
CVE-2024-38354
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
BIT-SUPERSET-2022-43720 Apache Superset: Improper rendering of user input
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...
CVE-2024-24556
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web application is using streamed responses (non-RSC). This vulnerability is...
CVE-2024-44061
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce. This issue affects EU/UK VAT Manager for WooCommerce: from n/a through <= 2.12.14...
CVE-2025-24680
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS. This issue affects WP Multistore Locator: from n/a through <= 2.4.7...
CVE-2025-24673
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through <= 0.1.2...
CVE-2025-24678 WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in listamester Listamester listamester allows Stored XSS. This issue affects Listamester: from n/a through <= 2.3.4...
CVE-2025-23919 WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection. This issue affects Slides & Presentations: from n/a through <= 0.0.39...
CVE-2024-47918
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...
CVE-2024-47918 Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)...
CVE-2024-56510
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CVE-2024-9427 Koji: escape html tag characters in the query string
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...
Django Filer Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3....