304 matches found

Snyk
added 2025/03/28 9:41 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the first name field in the processMentions method, which allows arbitrary HTML injection into emails. Details: Cross-site scripting (XSS) is a code vulnerability that occurs when an attacker “injects” a...

CVSS 6.4 · AI score 5.7 · EPSS 0.00278
Exploits: 0 · References: 3

CNNVD
added 2025/03/20 12:00 a.m. · 2 views

chuanhuchatgpt Cross-Site Scripting Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...

CVSS 6.8 · AI score 6.9 · EPSS 0.00505
Exploits: 1 · References: 1

CNNVD
added 2025/02/28 12:00 a.m. · 3 views

CyberArk Endpoint Privilege Manager Security Vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 7.3 · AI score 6.7 · EPSS 0.00589
Exploits: 0 · References: 4

OSV
added 2025/02/20 12:15 p.m. · 1 view

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/20 12:00 a.m. · 3 views

PT-2025-7300 · Phpjabbers · Phpjabbers Restaurant Booking System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Restaurant Booking System version 3.0 Description: The issue concerns multiple HTML injection vulnerabilities in the parameters name, plugin sms api key, plugin sms country code, and title. This allows for potential malicious HTML...

CVSS 6.5 · AI score 7.5 · EPSS 0.00385
Exploits: 2 · References: 6

Positive Technologies
added 2025/01/08 12:00 a.m. · 3 views

PT-2025-7269 · Weeek · Weeek

Name of the Vulnerable Software and Affected Versions: WEEEK affected versions not specified Description: The issue is related to the lack of protection of the web page structure, allowing an attacker to execute arbitrary code by injecting specially crafted HTML code. Recommendations: At the...

CVSS 8.7 · AI score 7.6
Exploits: 0 · References: 1

CNVD
added 2024/12/20 12:00 a.m. · 1 view

Online Birth Certificate System HTML Injection Vulnerability

Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...

CVSS 6.1 · AI score 7.2 · EPSS 0.00195
Exploits: 1 · References: 1

CNNVD
added 2024/12/10 12:00 a.m. · 2 views

PHPGurukul Beauty Parlour Management System Security Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...

CVSS 6.1 · AI score 6.4 · EPSS 0.00511
Exploits: 1 · References: 2

CNNVD
added 2024/12/05 12:00 a.m. · 4 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus 10.10.0 and earlier versions, which stems from a filter in the commenting feature that runs only on the client side and can be...

CVSS 5.7 · AI score 6.6 · EPSS 0.00333
Exploits: 1 · References: 1

CNNVD
added 2024/12/05 12:00 a.m. · 2 views

Kanboard Security Vulnerability

Kanboard is a suite of open source visual task board software from Kanboard Open Source. The software has the ability to customize the panels according to the business. A security vulnerability exists in Kanboard version 1.2.40, which stems from the fact that HTML can be injected and stored in the application...

CVSS 5.5 · AI score 5.8 · EPSS 0.00374
Exploits: 1 · References: 1

OSV
added 2024/11/07 10:15 a.m. · 2 views

DEBIAN-CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render invalid HTML, allowing HTML injection or...

CVSS 6.1 · AI score 6.5 · EPSS 0.00452
Exploits: 0 · References: 1

CNNVD
added 2024/10/04 12:00 a.m. · 3 views

Esri Portal For ArcGIS Security Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from an HTML injection vulnerability that stems from th...

CVSS 5.4 · AI score 6.9 · EPSS 0.00266
Exploits: 0 · References: 3

OSV
added 2024/10/02 6:15 a.m. · 3 views

CVE-2024-9174

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

CVSS 5.4 · AI score 5.8 · EPSS 0.00271
Exploits: 0 · References: 2

OSV
added 2024/09/18 8:15 p.m. · 1 view

CVE-2024-43025

An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail...

CVSS 6.1 · AI score 5.8 · EPSS 0.00308
Exploits: 0 · References: 3

OSV
added 2024/08/16 11:08 a.m. · 4 views

OESA-2024-1983 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...

CVSS 8.3 · AI score 6.4 · EPSS 0.01109
Exploits: 0 · References: 3

OSV
added 2024/08/13 1:15 p.m. · 1 view

CVE-2024-38501

An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 1

OSV
added 2024/08/06 2:16 p.m. · 3 views

CVE-2023-40819

ID4Portais in version V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2

CNNVD
added 2024/08/06 12:00 a.m. · 3 views

Devlop ID4Portais Security Vulnerability

Devlop ID4Portais is an application from Devlop USA. A security vulnerability exists in versions prior to Devlop ID4Portais V.2022.837.002a, which stems from an HTML injection vulnerability due to an uncleaned message parameter being returned in a response...

CVSS 6.1 · AI score 7 · EPSS 0.00294
Exploits: 1 · References: 3

OSV
added 2024/07/10 4:15 p.m. · 1 view

CVE-2023-35006

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 · AI score 5.8 · EPSS 0.00306
Exploits: 0 · References: 2

CNNVD
added 2024/07/10 12:00 a.m. · 4 views

IBM Security QRadar Security Vulnerability

IBM Security QRadar is a modernized threat detection and response solution from International Business Machines (IBM), Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. IBM Security QRadar suffers from an HTML...

CVSS 5.4 · AI score 6.9 · EPSS 0.00306
Exploits: 0 · References: 4