22 matches found
CVE-2026-39839
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: before 3.8.7...
PT-2025-43281
Name of the Vulnerable Software and Affected Versions: AmentoTech Doctreat versions through 1.6.7 Description: The software contains an Improper Neutralization of Script-Related HTML Tags in a Web Page issue, which allows for Code Injection. This is a Basic Cross-Site Scripting (XSS) condition...
EUVD-2001-0818
Malware in sbrugna...
EUVD-2021-28939
Malicious code in bioql PyPI...
CVE-2022-46904
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS...
CVE-2024-11824
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an adm...
PT-2024-41124 · Ооо 'Симпл 1' · Simpleone Platform
A vulnerability in the SimpleOne Platform software related to the failure to neutralize script-related HTML tags in a web page. Exploitation of the vulnerability may allow a remote attacker to inject an HTML tag that references an external resource...
U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████
The summary is as follows: A reflected cross-site scripting vulnerability was discovered in the search query functionality of the ████████ website. An attacker could execute arbitrary JavaScript code in the victim's browser by injecting a malicious payload into the search query parameter...
Hardcoded credentials
Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action - Create a new Contextualize Action - Inject your HTML tag in the name field...
CVE-2021-41943
Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action - Create a new Contextualize Action - Inject your HTML tag in the name field...
CVE-2022-46906
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...
CVE-2022-46903
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...
Devolutions Server Cross-Site Scripting Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in versions of Devolutions Server prior to 2022.2, which stems from the fact that some HTML tags can be injected into the head...
PT-2022-19511 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.8.5 and earlier Description: The issue allows an authenticated attacker to inject HTML tags in the schedule report function, leading to the reformatting or editing of emails from an official email address. Recommendations...
GHSA-9VHV-P9R7-RM53 HTML tag injection
Serve Handler, before 5.0.3, has an XSS via HTML tag injection in directory listing page...
GitLab Username Format Restriction Bypass Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A vulnerability exists in GitLab versions prior to 13.1 that can be exploited to bypass the usernam...
CVE-2020-12815
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...
A week in security (May 14 – May 20)
Last week, we looked at the deluge of incoming policies caused by GDPR, tackled Adobe Reader zero days, and ran through some iPhone security tips. We also caught some helpline scammers in the act, explored advergaming, got our Senate Bill game face on, and deep dived into Drupal vulnerabilities...
Cross-Site Scripting (XSS) in HTML tag
Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject scripts into a request and have th...
CVE-2003-0283
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail...