311 matches found
ROS-20251007-02
Vulnerability of the software tool for MediaWiki hypertext environment implementation is related to insufficient filtering of system messages. filtering of system messages. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to...
CVE-2025-0607 HTML Injection in Logo Software's Logo Cloud
Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57...
EUVD-2025-28377
Malicious code in bioql PyPI...
EUVD-2025-24210
Malicious code in bioql PyPI...
EUVD-2025-31565
Malicious code in bioql PyPI...
EUVD-2025-28417
Malicious code in bioql PyPI...
PT-2025-40573
Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.6 Description A flaw exists in HCL MyXalytics that permits HTML injection. This could potentially allow an attacker to inject malicious HTML code into the application. Recommendations At the moment, there is no...
CVE-2025-10342
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-10346
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...
CVE-2025-10346 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...
CVE-2025-59526
CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...
CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...
Mailgen: HTML injection vulnerability in plaintext e-mails
HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...
GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails
HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...
CVE-2025-59411
CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...
CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...
PT-2025-39071
Name of the Vulnerable Software and Affected Versions mailgen versions prior to 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. A HTML injection flaw exists in plaintext e-mails generated by the software when using the Mailgen.generatePlaintextemail metho...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-52217
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...