PT-2024-18194
Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6 Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations For Pyhtml2pd...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker cou...
CVE-2023-20257
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker cou...
Cross-site Scripting (XSS)
readthedocssphinxsearch is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user content in the search results rendering function. This potentially allows an attacker to include arbitrary HTML content in these results, which can lead to XSS...
CVE-2023-42890
A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system. Mitigation Mitigation for this issue is either not available or the currently...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform version 6.x prior to 6.13 P2 6.13.0.2 that stems from the presence of an HTML content injection vulnerability...
CVE-2023-48642
Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...
CVE-2023-48642
CVE-2023-48642 affects Archer Platform 6.x up to 6.13 P2 (6.13.0.2). The issue is an authenticated HTML content injection vulnerability in the data store; a remote authenticated Archer user can store malicious HTML code in a trusted application data store, with victim users’ browsers executing it...
Cross Site Scripting (XSS)
org.owasp.esapi:esapi is vulnerable to Cross-site Scripting XSS. The Validator.isValidSafeHTML method, which is responsible for determining whether user-supplied input is safe to include in HTML content, exhibits a flaw that can lead to false negatives. This means that the method may incorrectly...
CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
PT-2023-28989 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.11 BigBlueButton versions prior to 2.7.0-beta.3 Description: The issue affects BigBlueButton, an open-source virtual classroom, where the Guest Lobby is vulnerable to cross-site scripting. This occurs when...
Cross-site Scripting
tinymce is vulnerable to Cross-site Scripting. The vulnerability is due to the memBannerText function in Notification.ts, which lacks HTML content sanitization. This allows an attacker to perform cross-site scripting (XSS) attacks while the HTML content of notifications is rendered or handled...
CVE-2022-47187
There is a file upload XSS vulnerability in Generex CS141 versions below 2.06. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, an XSS payload can be injected into the uploaded file...
Unrestricted file upload
There is a file upload XSS vulnerability in Generex CS141 versions below 2.06. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, an XSS payload can be injected into the uploaded file...
CVE-2022-47187 File upload XSS vulnerability in Generex CS141
There is a file upload XSS vulnerability in Generex CS141 versions below 2.06. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, an XSS payload can be injected into the uploaded file...
PT-2023-15227 · Generex · Generex Cs141
Name of the Vulnerable Software and Affected Versions: Generex CS141 versions prior to 2.06 Description: The issue is related to a file upload XSS vulnerability. The web application allows file uploading, which makes it possible to upload a file with HTML content. When HTML files are allowed, an...
CVE-2023-39955
Nextcloud Notes (for Nextcloud) is affected. A cross-site scripting issue exists in Notes versions 4.4.0 through 4.8.0 where creating a note file with HTML causes the content to render in the preview instead of offering the file for download. The issue is fixed in Notes 4.8.0. No workarounds are ...