304 matches found
CVE-2025-20148
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-20148 Cisco Secure Firewall Management Center HTML Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
Cisco Secure Firewall Management Center Input Validation Error Vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. An input validation error vulnerability exists in Cisco Secure Firewall Management Center that stems from insufficient user input validation and could lead to HTML injection and server-side request...
CVE-2025-6186
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...
CVE-2025-45316
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...
PT-2025-32606 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified). Description: SAP NetWeaver Application Server ABAP is susceptible to an HTML injection issue. An attacker can construct a URL containing a malicious script as a payload,...
Possible HTML Injection in Accept-Language header
This report is not public...
PT-2025-50550
Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2, and 17.5.0-rc-1 through 17.5.0. Description: The XWiki Rendering system lacks sufficient protection against /html injection. This allows attackers to achieve remote code execution (RCE)...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based wiki engines from the American Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from vulnerability to HTML...
UBUNTU-CVE-2025-4278
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...
Dot Cross-Site Scripting Vulnerability
Dot is a text-to-speech, RAG and LLM tool by individual developer alexpinel. A cross-site scripting vulnerability exists in Dot 0.9.3 and earlier versions, which stems from user input and LLM output being appended to the DOM using innerHTML, which could lead to cross-site scripting and command...
PHPGurukul Medical Card Generation System Security Vulnerability
Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...
IBM Content Navigator Security Vulnerability
IBM Content Navigator is a Web client from International Business Machines (IBM). The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0, which stems from...
Park Ticketing Management System HTML Injection Vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from the mishandling of the searchdata parameter in the normal-search.php file, resulting in an HTML injection attack. No details of the...
EspoCRM Injection Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. An injection vulnerability exists in EspoCRM versions prior to 9.0.8 that stems from excessive HTML...
CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would requir...
HCL Launch and HCL DevOps Deploy Security Vulnerability
HCL Launch and HCL DevOps Deploy are both products of HCL India. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application. Can be mapped to your organizational...
Trend Vision One Cross-Site Scripting Vulnerability
Trend Vision One is a comprehensive security platform from Trend Vision, Inc. A security vulnerability exists in Trend Vision One that stems from HTML injection and could lead to arbitrary code execution...