304 matches found
CVE-2025-52219
CVE-2025-52219 affects SelectZero Data Observability Platform older than 2025.5.2, where an Open Redirect vulnerability exists due to legacy UI fields allowing arbitrary external links via HTML Injection. Affected component is the web UI frontend, with the root cause described as an open redirect...
PT-2025-34774 · Selectzero · Selectzero Data Observability Platform
Name of the Vulnerable Software and Affected Versions: SelectZero SelectZero Data Observability Platform versions prior to 2025.5.2 Description: SelectZero Data Observability Platform contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML...
CVE-2025-52217
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...
Linux Distros Unpatched Vulnerability : CVE-2019-9834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection...
CVE-2025-51989
HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" firstname field, which will be sent out in an email resulting in possible Phishing scenarios against any, previously not...
CVE-2025-54812
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...
CVE-2025-57730
In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature...
CVE-2025-54759
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie...
PT-2025-34031 · Jetbrains · Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2025.2 Description: An HTML injection issue was possible through the Remote Development feature. Recommendations: Update JetBrains IntelliJ IDEA to version 2025.2 or later...
CVE-2025-50891
CVE-2025-50891 affects Adform Site Tracking (backend) and specifically Adform Site Tracking version 1.1. It describes HTML injection and arbitrary code execution via cookie hijacking in the server-side backend, with CVSSv3.1 base score 7.2 (HIGH) and network attack vector with low attack complexi...
PT-2025-33850 · Adform · Adform Site Tracking
Name of the Vulnerable Software and Affected Versions: Adform Site Tracking version 1.1 Description: Adform Site Tracking version 1.1 is susceptible to HTML injection and arbitrary code execution through cookie hijacking. Recommendations: At the moment, there is no information about a newer versi...
CVE-2025-50891
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software such as Adform Site Tracking 1.1...
WordPress Advanced Custom Fields Plugin < 6.4.3 HTML Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; if description...
Linux Distros Unpatched Vulnerability : CVE-2021-39910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all version...
Linux Distros Unpatched Vulnerability : CVE-2022-24728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all...
CVE-2025-20148
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...