
536 matches found

Prion
added 2023/03/07 2:15 p.m. · 17 views

Design/Logic Flaw

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126...

5.8 CVSS · 6.2 AI score · 0.00542 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/03/07 1:7 p.m. · 7 views

CVE-2021-44197 XSS in UBIT Information Technologies Student Information Management System

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126...

6.1 CVSS · 6.4 AI score · 0.00234 EPSS
Exploits: 0 · References: 2
NVD
added 2023/03/06 7:15 p.m. · 10 views

CVE-2023-27472

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

8.2 CVSS · 8.4 AI score · 0.00339 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/03/06 6:12 p.m. · 11 views

CVE-2023-27472 HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

8.2 CVSS · 8.6 AI score · 0.00339 EPSS
Exploits: 0 · References: 2
CVE
added 2023/03/06 6:12 p.m. · 52 views

CVE-2023-27472

The CVE-2023-27472 issue affects quickentity-editor-next. It arises because HTML tags in entity names are not sanitized, enabling XSS and potentially arbitrary code execution within the browser sandbox simply by loading a file containing a script tag in an entity name. The vulnerability is mitiga...

8.2 CVSS · 7.1 AI score · 0.00339 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/06 12:0 a.m. · 1 view

PT-2023-21150 · Unknown · Quickentity-Editor-Next

Name of the Vulnerable Software and Affected Versions: quickentity-editor-next versions prior to 1.28.1 Description: The issue concerns an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitized, leading to an XSS vulnerability. This...

8.2 CVSS · 6.4 AI score · 0.00339 EPSS
Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 6:16 a.m. · 2 views

SUSE CVE-2006-1273

Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service crash via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggestin...

7.8 CVSS · 6.6 AI score · 0.01153 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:38 a.m. · 2 views

SUSE CVE-2017-15705

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and...

7.5 CVSS · 9 AI score · 0.01771 EPSS
Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 4:32 a.m. · 3 views

SUSE CVE-2018-5124

Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1...

6.1 CVSS · 9.3 AI score · 0.00557 EPSS
Exploits: 0 · References: 3
Huntr
added 2023/01/31 1:51 p.m. · 17 views

XSS in HTML-Tags

Description Cross site scripting vulnerability in pimcore/pimcore in HTML-Tags of "SEO & Settings" Proof of Concept 1. Login in stable account URL : https://demo.pimcore.fun/admin/?dc=1675166039&perspective= 2. Go to Home --- SEO & Settings 3. Enter Payload in HTML-Tags For More Understanding...

Exploits: 0
OSV
added 2023/01/16 12:30 p.m. · 23 views

GHSA-FPMR-QMGH-42X2 Apache Superset vulnerable to Injection

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4 CVSS · 5.2 AI score · 0.01787 EPSS
Exploits: 0 · References: 3
OSV
added 2023/01/16 11:15 a.m. · 20 views

CVE-2022-43720

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4 CVSS · 5.4 AI score
Exploits: 0 · References: 1
Prion
added 2023/01/16 11:15 a.m. · 13 views

Design/Logic Flaw

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.5 CVSS · 5.3 AI score · 0.01787 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/01/16 10:10 a.m. · 74 views

CVE-2022-43720

CVE-2022-43720 affects Apache Superset (notified in multiple sources). An authenticated attacker with write permissions on CSS templates can create a record containing specific HTML tags that are not properly escaped by the toast message shown when deleting that CSS template, enabling HTML/Script...

5.4 CVSS · 5.3 AI score · 0.01787 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2022/12/12 9:15 p.m. · 10 views

CVE-2022-46904

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS...

5.4 CVSS · 0.00629 EPSS
Exploits: 0 · References: 1
NVD
added 2022/12/12 9:15 p.m. · 13 views

CVE-2022-46906

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

5.4 CVSS · 0.00629 EPSS
Exploits: 0 · References: 1
OSV
added 2022/12/12 9:15 p.m. · 3 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

6.1 CVSS · 5.9 AI score · 0.022 EPSS
Exploits: 0 · References: 1
Prion
added 2022/12/12 9:15 p.m. · 13 views

Cross site scripting

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...

4.9 CVSS · 5.3 AI score · 0.00629 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2022/12/12 9:15 p.m. · 22 views

Cross site scripting

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

5.8 CVSS · 6.3 AI score · 0.022 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/12/12 12:0 a.m. · 16 views

CVE-2022-46903

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...

5.6 AI score · 0.00629 EPSS
Exploits: 0 · References: 1