536 matches found

Cvelist
added 2022/12/12 12:00 a.m.

CVE-2022-46904

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS...

AI score 5.6, EPSS 0.00629
Exploits 0, References 1
CNVD
added 2022/12/08 12:00 a.m.

Fortinet FortiSOAR Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Fortinet FortiSOAR, a security orchestration, automation and response (SOAR) solution from Fortinet, Inc. Input fields of various components within FortiSOAR can be used to inject HTML tags...

CVSS 5.4, AI score 0.1, EPSS 0.00629
Exploits 0, References 1
Prion
added 2022/12/06 5:15 p.m.

Input validation

Improper neutralization of input during web page generation (CWE-79) in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR...

CVSS 4.9, AI score 5.4, EPSS 0.00629
Exploits 0, References 1, Affected Software 1
Veracode
added 2022/12/03 1:25 p.m.

Remote Code Execution

Thunderbird is vulnerable to remote code execution. Quoting from an email with certain HTML tags will trigger network requests and load remote content, regardless of a configuration to block remote content, resulting in remote code execution...

CVSS 8.1, AI score 9.1, EPSS 0.00279
Exploits 0, References 3, Affected Software 4
OSV
added 2022/11/03 4:15 p.m.

UBUNTU-CVE-2022-39371

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has...

CVSS 7.5, AI score 5.7, EPSS 0.00275
Exploits 0, References 3
Cvelist
added 2022/11/03 12:00 a.m.

CVE-2022-39371 Stored Cross-Site Scripting (XSS) through asset inventory in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has...

CVSS 7.5, AI score 7.6, EPSS 0.00275
Exploits 0, References 1
OSV
added 2022/11/03 12:00 a.m.

CVE-2022-39371 Stored Cross-Site Scripting (XSS) through asset inventory in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has...

CVSS 7.5, AI score 6, EPSS 0.00275
Exploits 0, References 3
Huntr
added 2022/10/09 2:34 p.m.

Reflected Cross-Site Scripting due to Improper Sanitization

Description: User input that is reflected in a JavaScript context is not properly sanitized. The user input is reflected inside of a single-quoted string and single quotes are encoded. However, there is an issue with the entity removing HTML tags that prevents single quotes from being encoded. Thi...

AI score 6.6
Exploits 0
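The Huntr entry above describes a sanitizer whose tag-removing step undoes the encoding of single quotes before the value lands in a JavaScript string. The following is an added example, not code from the reported application or from any advisory on this page. It models one common way this happens (a tag stripper that parses its input as HTML, and HTML parsing decodes character references such as `&#39;`) and shows the fix: encode for the exact output context as the last step, with nothing running after the encoder. All function names, the miniature HTML parser and the payload are constructed for illustration.

```javascript
// Added example (not code from any project or advisory listed on this page).
// Models the sanitizer-ordering bug described in the Huntr entry: a value is
// reflected into a single-quoted JavaScript string, quotes are encoded, but a
// later tag-stripping step parses the result as HTML, and HTML parsing
// decodes character references, so the encoded quote comes back as a raw quote.
// Function names, the mini parser and the payload below are all constructed
// for illustration; they do not reproduce the reported application's code.

// Stand-in for "parse as HTML and take textContent": removes tags (and a
// dangling '<', as real parsers do) and decodes the character references an
// HTML parser would decode. Assumption: the real sanitizer behaved like this.
function stripTagsLikeAParser(s) {
  const noTags = s.replace(/<[^>]*>?/g, "");
  const named = { quot: '"', apos: "'", lt: "<", gt: ">", amp: "&" };
  return noTags.replace(/&(#x([0-9a-f]+)|#(\d+)|(quot|apos|lt|gt|amp));/gi,
    (_m, _all, hex, dec, name) => {
      if (hex) return String.fromCodePoint(parseInt(hex, 16));
      if (dec) return String.fromCodePoint(parseInt(dec, 10));
      return named[name.toLowerCase()];
    });
}

// What the vulnerable page does to quotes: HTML character references.
function encodeQuotes(s) {
  return s.replace(/'/g, "&#39;").replace(/"/g, "&#34;");
}

// VULNERABLE: encode, then strip. The strip step decodes &#39; back to '.
function renderVulnerable(userInput) {
  const value = stripTagsLikeAParser(encodeQuotes(userInput));
  return `<script>var q = '${value}';</script>`;
}

// Encoding for a JavaScript string literal: every character outside a small
// safe set becomes a \uXXXX escape, so no quote, backslash, '<' or '/' can
// survive to terminate the string or the <script> element.
function jsStringEncode(s) {
  return s.replace(/[^A-Za-z0-9 ]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// HARDENED: strip first if tags must go, then encode for the exact output
// context as the LAST step. Nothing runs after the encoder.
function renderHardened(userInput) {
  const value = jsStringEncode(stripTagsLikeAParser(userInput));
  return `<script>var q = '${value}';</script>`;
}

// Check: does the rendered page contain a raw quote or a closing script tag
// inside the intended string literal? The hardened encoder never emits either,
// so any raw quote in the literal means the attacker broke out of it.
function escapesStringContext(rendered) {
  const m = rendered.match(/^<script>var q = '([\s\S]*)';<\/script>$/);
  if (!m) return true; // the template structure itself is gone
  return /'/.test(m[1]) || /<\/script/i.test(m[1]);
}

// Constructed payload: closes the string, runs code, comments out the rest.
const PAYLOAD = "';alert(document.domain);//";

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderVulnerable(PAYLOAD)); // quote is back, string is broken out of
  console.log(renderHardened(PAYLOAD));   // payload stays inside the string literal
}
```

Running the file with Node prints both renderings: in the vulnerable one the `&#39;` produced by `encodeQuotes` has been decoded back to `'` by the tag stripper, so `;alert(document.domain);//` executes; in the hardened one every non-alphanumeric character is a `\uXXXX` escape and the value stays a string. The ordering rule generalizes beyond this case: any step that parses, decodes or normalizes data after the output encoder can reintroduce the characters the encoder removed.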
NVD
added 2022/09/14 6:15 p.m.

CVE-2022-31187

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...

CVSS 6.8, EPSS 0.00274
Exploits 0, References 2
Prion
added 2022/09/14 6:15 p.m.

Out-of-bounds

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...

CVSS 4.9, AI score 5.5, EPSS 0.00274
Exploits 0, References 2, Affected Software 1
Hacker One
added 2022/08/20 5:51 p.m.

MercadoLibre: Stored XSS in reclamos

A stored XSS vulnerability was discovered in the reclamos section of MercadoLibre. The issue was reported by @valent1ne, who provided clear steps to reproduce the vulnerability and proof-of-concept code. MercadoLibre acknowledged the issue and implemented a fix...

AI score 5.9
Exploits 0
BDU FSTEC
added 2022/07/01 12:00 a.m.

The vulnerability in TrueConf Server software is caused by the failure to neutralize script-related HTML tags in web pages, allowing attackers to carry out cross-site scripting attacks.

The vulnerability in TrueConf Server software is related to the failure to neutralize script-related HTML tags in web pages. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVSS 4, AI score 5.6, EPSS 0.00195
Exploits 1, References 4, Affected Software 1
NVD
added 2022/05/19 6:15 p.m.

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

CVSS 5.4, EPSS 0.00153
Exploits 1, References 3
UbuntuCve
added 2022/05/19 6:15 p.m.

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

CVSS 5.4, AI score 6.1, EPSS 0.00153
Exploits 1, References 4
Cvelist
added 2022/05/19 5:10 p.m.

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

CVSS 4.3, AI score 5.8, EPSS 0.00153
Exploits 1, References 3
AlmaLinux
added 2022/05/10 6:57 a.m.

Moderate: lynx security update

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. Security Fix(es): lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165). For more details about the security issues, including the impact, a CVS...

CVSS 5.3, AI score 5.9, EPSS 0.04281
Exploits 0, References 2
Veracode
added 2022/04/14 9:05 a.m.

Cross-site Scripting (XSS)

froxlor/froxlor is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of input via the customermail GET parameter, allowing an attacker to input HTML tags which will be reflected in the login webpage...

CVSS 6.1, AI score 1.3, EPSS 0.00331
Exploits 1, References 4, Affected Software 1
Prion
added 2022/04/13 1:15 p.m.

Input validation

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags...

CVSS 4.3, AI score 6.4, EPSS 0.00331
Exploits 1, References 3, Affected Software 1
NVD
added 2022/03/30 3:15 p.m.

CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the Group functionality of Profelis IT Consultancy SambaBox allows an authenticated user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...

CVSS 9, EPSS 0.00536
Exploits 0, References 1
Huntr
added 2022/03/06 4:12 p.m.

Static Code Injection

Description: The Microweber application allows HTML tags in the "First name", "Last name" and "Phone number" fields, which can be exploited by injecting HTML payloads. Proof of Concept: 1. While buying a product we need to fill in the contact information form. 2. Insert your HTML code in the code block, e.g., Hurry Up!Go...

CVSS 7.5, AI score 0.5, EPSS 0.01889
Exploits 2, References 1