CVE-2021-41791
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...
Design/Logic Flaw
Flarum is a forum software for building communities. Flarum's translation system allowed string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16, our last beta before v1.0.0, and was not noticed or documented. This allowed any user to type...
CVE-2021-32671
CVE-2021-32671 concerns Flarum’s translation system, which allowed string inputs to be rendered as HTML DOM nodes, enabling cross-site scripting in certain user inputs (notably the forum search box). The vulnerability affects Flarum v1.0.0/v1.0.1 and is due to rendering user-provided markup witho...
CVE-2020-35542
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to an HTML document field. This could be used for an XSS attack...
Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability
Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input in HTML document fields that is not sanitized,...
Cross-Site Scripting (XSS)
flow-server is vulnerable to cross-site scripting. The vulnerability exists because HTML input is not sanitized before being added to the template...
Command injection
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor's inputs...
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the `.html()` function to inject JavaScript into the page where that input is rendered, and have it executed by the browser...
CVE-2020-13763
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...
Design/Logic Flaw
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...
XSS injection in the Grid component of Sylius
The Grid component of Sylius omits HTML input sanitisation while rendering an object that implements the toString method through the string field type...
Arbitrary Code Execution
html-pdf is vulnerable to arbitrary code execution. The vulnerability exists because it does not sanitize HTML input, allowing information to be exfiltrated through arbitrary XHR requests...
Cross-Site Scripting (XSS)
antixss is vulnerable to cross-site scripting (XSS). The library does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input...
CVE-2019-11033
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the substring...