304 matches found
The vulnerability of the Jenkins Fortify Plugin relates to the lack of protective measures for website structures, allowing attackers to perform HTML injections.
The vulnerability of the Jenkins Fortify Plugin is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to perform HTML injection remotely...
Dell SmartFabric Storage Software Security Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software version 1.4 suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
The vulnerability of the OpenEMR software for managing medical organizations, related to authentication errors, allows an intruder to perform an HTML injection.
The vulnerability of the software for managing medical organizations called OpenEMR is related to authentication errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform HTML injection attacks...
PT-2023-27901 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee versions prior to 3.29.2 Description: Tolgee is an open-source localization platform. Due to a lack of validation in the Org Name field, a bad actor can send emails with HTML injected code to victims. Registered users can inject HTML...
CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Controller: HTML injection in custom login info
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...
Omeka S Injection Vulnerability
Omeka S is an open source web content management system (CMS) from Omeka, Inc. that specializes in creating and managing digital exhibitions and online digital archives. It is a new version of the Omeka project, and unlike the traditional Omeka Classic, Omeka S emphasizes multi-user collaboration a...
SolarWinds Platform Code Injection Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from SolarWinds USA. A security vulnerability exists in SolarWinds Platform versions prior to 2023.3 that stems from a flaw that allows remote attackers with SolarWinds Platform account privileges to...
Zoom Client Injection Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.10, which stems from the inclusion of an HTML injection that could cause the Zoom application to crash if a victim begins...
Zoom Client Injection Vulnerability
Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.10 that stems from the inclusion of an HTML injection, which can be exploited by an attacker to inject HTML into the displa...
WordPress Plugin WP HTML Mail Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-27864
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...
SUSE CVE-2019-9834
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...
Softr Cross-Site Scripting Vulnerability
Softr is a no-code website builder from Softr, Inc. A security vulnerability exists in Softr version v2.0, which stems from the presence of an HTML injection vulnerability via the parameter Work Space Name...
PT-2023-14818 · Discourse · Discourse-Mermaid-Theme-Component +1
Name of the Vulnerable Software and Affected Versions: Discourse Mermaid discourse-mermaid-theme-component version 1.0.0 Description: The issue allows users who can create posts to inject arbitrary HTML on that post, using the Mermaid syntax in Discourse, open-source forum software...
PT-2022-25382 · Softr · Softr
Name of the Vulnerable Software and Affected Versions: Softr version 2.0 Description: The issue is related to HTML injection via the Name field of the Account page. This allows for potential malicious code execution. Recommendations: For Softr version 2.0, consider restricting access to the Accou...
PT-2022-27013 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.31 Description: The issue allows remote attackers to inject HTML via user input or stored data due to a cross-site scripting (XSS) vulnerability in the visual MyCode editor SCEditor. Recommendations: For MyBB version 1.8.31, as...
BlueSpice Cross-Site Scripting Vulnerability
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A cross-site scripting vulnerability exists in BlueSpice's BlueSpiceBookshelf extension. An attacker could exploit the vulnerability to inject arbitrary HTML into the book navigation...
Stiltsoft Handy Macros Cross-Site Scripting Vulnerability
Stiltsoft Handy Macros is a powerful set of macros from Stiltsoft Inc. It is used to create interactive Confluence content. A security vulnerability exists in Stiltsoft Handy Macros version 3.x through versions prior to 3.5.5. An attacker could exploit this vulnerability to inject arbitrary HTML ...