304 matches found
CVE-2024-5737
The script afGdStream.php in the AdmirorFrames Joomla! extension does not specify a content type, so the default text/html is used. An attacker may embed HTML tags directly in image data, which the webpage then renders as HTML. This issue affects AdmirorFrames: before 5.0...
WordPress plugin Elementor Header & Footer Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS versions 13.0.0 through 13.1.0 that stems from vulnerability to HTML injection...
Enpass Password Manager Security Vulnerability
Enpass Password Manager is a cross-platform offline password manager from Enpass. A security vulnerability exists in Enpass Password Manager version 6.9.2, which stems from an HTML injection vulnerability that allows an attacker to run arbitrary HTML code by creating carefully crafted comments...
PT-2024-21369 · Enpass · Enpass Password Manager Desktop Client
Name of the Vulnerable Software and Affected Versions: Enpass Password Manager Desktop Client version 6.9.2 Description: The issue allows attackers to run arbitrary HTML code via the creation of a crafted note, potentially leading to HTML injection. This can occur in the Enpass Password Manager...
CVE-2023-38536
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting...
PT-2024-21399 · Kirby Cms +1 · Kirby Cms +1
Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0 Description: An HTML injection issue exists in the Edit Content Layout module. The vendor disputes the significance of this report, stating that some HTML formatting is allowed and backend sanitization prevents the...
Kanboard Security Vulnerability
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels according to the business. A security vulnerability exists in Kanboard version 1.2.34 that stems from vulnerability to HTML injection attacks...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (USA) that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management...
Appointment Scheduler Security Vulnerability
PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and booking meeting schedules from PHPJabbers Serbia. A security vulnerability exists in Appointment Scheduler version 3.0, which stems from multiple HTML injection vulnerabilities in...
Vite Cross-Site Scripting Vulnerability
Vite is a new front-end build tool open-sourced by Vite. Vite suffers from a cross-site scripting vulnerability that stems from the ability to inject arbitrary HTML into the output by providing a malicious URL query string...
Mattermost Injection Vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from the web application's failure to use innerText/textContent when setting a channel name during autocompletion, allowing an attacker to inject HTML int...
CVE-2023-40812
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field...
CVE-2023-40814
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field...
CVE-2023-40809
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number...
openCRX Security Vulnerabilities
openCRX is open source CRM software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Product Name field...
openCRX Security Vulnerabilities
openCRX is open source CRM software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Accounts Group Name field...
openCRX Security Vulnerabilities
openCRX is open source CRM software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to conduct HTML injection attacks via the Activity Milestone Name field...
PT-2023-30322 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. The issue allows some links to inject arbitrary HTML...
XWiki Rendering Cross-Site Scripting Vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering, which stems from an attribute cleaning during XHTML rendering tha...