Lucene search
K

311 matches found

Redos
Redos
added 2025/10/07 12:0 a.m.3 views

ROS-20251007-02

Vulnerability of the software tool for MediaWiki hypertext environment implementation is related to insufficient filtering of system messages. filtering of system messages. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to...

6.9CVSS7.6AI score0.00454EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/06 9:14 a.m.3 views

CVE-2025-0607 HTML Injection in Logo Software's Logo Cloud

Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57...

4.3CVSS5.4AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28377

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00379EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24210

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31565

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28417

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.8 views

PT-2025-40573

Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.6 Description A flaw exists in HCL MyXalytics that permits HTML injection. This could potentially allow an attacker to inject malicious HTML code into the application. Recommendations At the moment, there is no...

4.6CVSS6.4AI score0.00166EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/30 9:38 a.m.7 views

CVE-2025-10342

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

6.1CVSS7AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/09/29 9:15 a.m.4 views

CVE-2025-10346

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

6.1CVSS0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 8:43 a.m.3 views

CVE-2025-10346 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

5.3CVSS6.7AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 7:27 p.m.18 views

CVE-2025-59526

CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...

6.9CVSS6.7AI score0.00409EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 7:27 p.m.12 views

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

6.9CVSS6.7AI score0.00409EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/22 6:3 p.m.8 views

Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/22 6:3 p.m.5 views

GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

5.3CVSS6.8AI score0.00409EPSS
Exploits0References4
NVD
NVD
added 2025/09/22 5:16 p.m.5 views

CVE-2025-59411

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...

5.4CVSS0.00278EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/22 4:14 p.m.16 views

CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...

5.4CVSS0.0026EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.4 views

PT-2025-39071

Name of the Vulnerable Software and Affected Versions mailgen versions prior to 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. A HTML injection flaw exists in plaintext e-mails generated by the software when using the Mailgen.generatePlaintextemail metho...

6.9CVSS7AI score0.00409EPSS
Exploits0References9
OSV
OSV
added 2025/09/12 3:15 p.m.4 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.3CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/09/12 3:15 p.m.10 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.3CVSS0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.5 views

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

5.4CVSS7.3AI score0.00181EPSS
Exploits0References1
Rows per page
Query Builder