249 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-25225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml function in index.js does not sanitize content when using...
CVE-2014-125128
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' does not properly validate the href (hypertext reference) attribute in anchor tags, allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +3097 more potentially affected by CVE-2019-25225 via sanitize-html (>=0.1.4 <=1.7.0)
sanitize-html NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =0.1.0, =0.1.0, =11.1.0, =1.0.0, =1.0.1, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.4 and more Source cves: CVE-2019-25225 Source advisory: OSV:GHSA-QHXP-V273-G94H...
PT-2025-36446
Name of the Vulnerable Software and Affected Versions: SourceCodester Time Tracker version 1.0 Description: A cross-site scripting (XSS) vulnerability exists due to manipulation of the project-name argument. The vulnerability affects an unknown function within the /index.html file. The exploit is...
Linux Distros Unpatched Vulnerability : CVE-2017-5098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A use-after-free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out-of-bounds memory...
Linux Distros Unpatched Vulnerability : CVE-2018-17846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and...
PT-2025-32553 · Openfiler · Openfiler
Name of the Vulnerable Software and Affected Versions: Openfiler versions 2.x Description: Openfiler v2.x contains a command injection issue in the system.html page. The device parameter is used to create a NetworkCard object, and its constructor in network.inc calls exec with unsanitized input. ...
CVE-2025-8580
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-8579
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CodeAstro Simple Hospital Management System Security Vulnerability
CodeAstro Simple Hospital Management System is a simple hospital management system from CodeAstro. A security vulnerability exists in CodeAstro Simple Hospital Management System version 1.0, which stems from cross-site scripting caused by incorrect handling of the parameters Fir...
CVE-2025-49579
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
CVE-2025-49576
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2022-2710
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2020-21639
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rulename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2019-15944
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message...
CVE-2012-3232
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the texttitle parameter...
SUSE CVE-2025-4096
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
ChuanhuChatGPT HTML Injection Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...
CVE-2025-1917
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
storefront Cross-Site Request Forgery Vulnerability
storefront is a SaaS solution open-sourced by Selldone. A security vulnerability exists in storefront v1.0, which stems from a cross-site request forgery in the index.html component that could lead to elevation of privilege...