Lucene search
K

537 matches found

OSV
OSV
added 2026/02/03 12:0 a.m.5 views

CVE-2025-65924

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically hyperlinks in fields that are intended for plain text. Although JavaScript is blocked preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

4.1CVSS5.6AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/01/23 3:16 p.m.5 views

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

4.3CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-47600

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

5.3CVSS0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.9 views

CVE-2020-12815

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...

5.4CVSS6.4AI score0.00851EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.6 views

CVE-2022-31187

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...

6.8CVSS6.7AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.7 views

CVE-2024-2736

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2025/12/22 6:15 p.m.5 views

GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk

Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...

8.6CVSS6.5AI score0.00193EPSS
Exploits1References1
NVD
NVD
added 2025/12/18 8:16 a.m.4 views

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

6.5CVSS0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.4 views

EUVD-2025-203594

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...

5.3CVSS6AI score0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.3 views

CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

5.3CVSS5.2AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.10 views

PT-2025-50068

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through = 5.0.3...

6.6AI score0.00245EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/08 11:7 a.m.7 views

Cross-site Scripting

Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...

6.1CVSS6AI score0.00625EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2025/12/03 12:0 a.m.6 views

Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

6.1CVSS6.1AI score0.00625EPSS
Exploits0References1
OSV
OSV
added 2025/11/27 11:15 a.m.7 views

PYSEC-2025-154

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

WordPress plugin xSmart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.8AI score0.00238EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/15 7:29 p.m.3 views

Cross-site Scripting (XSS)

Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can execute arbitrary JavaScript code in the context of the victim's browser ...

6.3CVSS5.4AI score0.00409EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2006-3362

Malware in sbrugna...

2.6CVSS6.4AI score0.01817EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-0071

Malware in sbrugna...

4.3CVSS6.4AI score0.01283EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5581

Malware in sbrugna...

8.3CVSS8.1AI score0.01418EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5098

Malware in sbrugna...

5.4CVSS5.5AI score0.00851EPSS
Exploits0References2
Rows per page
Query Builder