251 matches found
SUSE CVE-2018-6111
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...
CVE-2022-31187 Stored Cross Site Scripting (XSS) through global search in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...
PT-2022-23148 · Discourse · Discourse-Chat
Name of the Vulnerable Software and Affected Versions: Discourse-Chat versions prior to 0.9. Description: The issue affects users of Discourse Chat, an asynchronous messaging plugin for the Discourse open-source discussion platform. Admin users can insert HTML into chat titles and descriptions,...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6355 more potentially affected by CVE-2022-25887 via sanitize-html (>=0.1.4 <=2.7.0)
sanitize-html (NPM). Source CVEs: CVE-2022-25887. Source advisory: OSV:GHSA-CGFM-XWP7-2CVR...
5etools-utils (>=0.15.4 <=0.16.8), 7ghost (>=4.11.0 <=4.11.46) +3577 more potentially affected by CVE-2022-25887 via sanitize-html (>=2.10.0 <=2.7.0)
sanitize-html (NPM). Source CVEs: CVE-2022-25887. Source advisory: SNYK:JS-SANITIZEHTML-2957526...
GHSA-PGJX-7F9G-9463 Improper handling of email input
Impact: An attacker can pass a compromised input to the e-mail sign-in endpoint that contains malicious HTML, tricking the e-mail server into sending it to the user so they can perform a phishing attack. E.g.: [email protected], Before signing in, claim your money!. This was previously sent to...
CVE-2021-27781
The Master operator may be able to embed a script tag in HTML that displays the cookie in an alert pop-up...
GHSA-3G6W-4M7X-97V6 Plone Cross-site scripting Vulnerability
Cross-site scripting (XSS) vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...
GHSA-5XMG-W578-GQ5J Joomla! Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in libraries/idnaconvert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
Stored XSS vulnerability in Config File Provider Plugin
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins...
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
GHSA-H6PX-PVFH-Q2JV Moodle vulnerable to Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...
CVE-2021-26948
Null pointer dereference in htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted HTML file...
CVE-2021-44829
Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the ID parameter...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-23654
This affects all versions of package html-to-csv. When there is a formula embedded in an HTML page, it gets accepted without any validation and is pushed as-is while converting the page into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...
Design/Logic Flaw
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file...
CVE-2020-19283
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +24129 more potentially affected by CVE-2021-23424 via ansi-html (>=0.0.4 <=0.0.7)