536 matches found

CNVD
added 2022/03/02 12:00 a.m., 16 views

Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67480)

Ice Hrm is a human resource management system, and a cross-site scripting vulnerability exists in Ice Hrm version 30.0.0.OS. The vulnerability stems from the inability of the IceHRM website to effectively filter html tags in user input, which could be exploited by a logged-in attacker to steal...

CVSS 5.4, AI score 2.1, EPSS 0.00209
Exploits 1, References 1
Cvelist
added 2022/01/28 7:09 p.m., 11 views

CVE-2022-22791 SYNEL - eharmony Authenticated Blind & Stored XSS

SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...

CVSS 6.6, AI score 6.6, EPSS 0.00117
Exploits 0, References 1
NVD
added 2021/12/15 7:15 p.m., 15 views

CVE-2021-0933

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

CVSS 8, EPSS 0.00431
Exploits 0, References 1
CVE
added 2021/12/15 6:05 p.m., 148 views

CVE-2021-0933

CVE-2021-0933 relates to Android Bluetooth pairing flow, where HTML tags could disrupt the consent dialog due to improper input validation in CompanionDeviceActivity.java or DeviceChooserActivity.java. The issue enables remote elevation of privilege by coercing a user into pairing a malicious Blu...

CVSS 8, AI score 7.8, EPSS 0.00431
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/12/15 6:05 p.m., 15 views

CVE-2021-0933

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...

AI score 8.1, EPSS 0.00431
Exploits 0, References 1
Cvelist
added 2021/09/27 7:30 p.m., 17 views

CVE-2021-41095 XSS via blocked watched word in error message

Discourse is an open source discussion platform. There is a cross-site scripting XSS vulnerability in versions 2.7.7 and earlier of the stable branch, versions 2.8.0.beta6 and earlier of the beta branch, and versions 2.8.0.beta6 and earlier of the tests-passed branch. Rendering of some error...

CVSS 4.2, AI score 5.9, EPSS 0.00224
Exploits 0, References 2
Prion
added 2021/09/27 4:15 p.m., 23 views

Cross site scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

CVSS 3.5, AI score 4.8, EPSS 0.01572
Exploits 5, References 2, Affected Software 1
Cvelist
added 2021/09/27 3:25 p.m., 14 views

CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

AI score 5.1, EPSS 0.01572
Exploits 5, References 2
Fedora
added 2021/09/20 1:34 p.m., 28 views

[SECURITY] Fedora 33 Update: lynx-2.8.9-13.fc33

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays web pages...

CVSS 5.3, AI score 1.3, EPSS 0.04281
Exploits 0
OSV
added 2021/08/12 10:15 p.m., 3 views

CVE-2021-28121

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field...

CVSS 9.8, AI score 7.3, EPSS 0.00976
Exploits 1, References 1
Prion
added 2021/08/12 10:15 p.m., 11 views

Design/Logic Flaw

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field...

CVSS 7.5, AI score 9.3, EPSS 0.00976
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/08/12 10:00 p.m., 11 views

CVE-2021-28121

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field...

AI score 9.6, EPSS 0.00976
Exploits 1, References 1
CVE
added 2021/08/12 10:00 p.m., 67 views

CVE-2021-28121

CVE-2021-28121 affects the WordPress plugin Virtual Robots.txt (versions before 1.10). The root cause is lack of sanitization in the robots.txt field, allowing HTML tags to be stored and later reflected, with indications of authenticated stored XSS in public disclosures (e.g., WPEX/WPVulndb entri...

CVSS 9.8, AI score 9.2, EPSS 0.00976
Exploits 1, References 1, Affected Software 1
OSV
added 2021/06/21 8:15 p.m., 109 views

CVE-2020-27511

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...

CVSS 7.5, AI score 6.6, EPSS 0.01186
Exploits 1, References 3
OSV
added 2021/06/21 8:15 p.m., 0 views

UBUNTU-CVE-2020-27511

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...

CVSS 7.5, AI score 6.4, EPSS 0.01186
Exploits 1, References 5
Debian CVE
added 2021/06/21 7:22 p.m., 22 views

CVE-2020-27511

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...

CVSS 7.5, AI score 6.6, EPSS 0.01186
Exploits 1
Cvelist
added 2021/06/21 7:22 p.m., 14 views

CVE-2020-27511

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...

AI score 7.4, EPSS 0.01186
Exploits 1, References 3
Prion
added 2021/05/26 12:15 p.m., 8 views

Cross site scripting

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to...

CVSS 3.5, AI score 5, EPSS 0.00302
Exploits 0, References 2, Affected Software 1
Prion
added 2021/05/19 8:15 p.m., 10 views

Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 4.3, AI score 5.9, EPSS 0.02049
Exploits 0, References 3, Affected Software 1
Cvelist
added 2021/05/19 7:55 p.m., 10 views

CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1, AI score 7.8, EPSS 0.02049
Exploits 0, References 3