activemq-artemis: AMQ Broker web console HTML Injection
A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...
UBUNTU-CVE-2022-31187
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...
PT-2022-23924 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.11 P3. Archer Platform version 6.10 P4 is not affected; however, versions prior to 6.10 P4 are affected. Description: The issue allows an authenticated remote attacker to potentially exploit an HTML injection...
CVE-2022-1492
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...
CVE-2022-34966
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...
CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...
IBM CICS TX Standard and Advanced Cross-Site Scripting Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An HTML injection vulnerability exists in IBM CICS TX Standard and Advanced version 11.1. The vulnerability stems from...
CVE-2022-29269
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...
CVE-2022-29816
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible...
CVE-2021-46079
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML injection...
CVE-2021-42564
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' substring in the editor parameter...
PT-2021-23485 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.3. Description: An issue was discovered in the GlobalWatchlist extension where the rev-deleted-user and ntimes messages were not properly escaped, allowing users to inject HTML and JavaScript. Recommendations:...
UBUNTU-CVE-2021-21333
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject...
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to inject arbitrary HTML code into users’ browsers.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary HTML code in the user’s browser remotely...
CVE-2020-28210
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...
Puncsky Touchbase.ai Cross-Site Scripting Vulnerability
Puncsky Touchbase.ai is a web platform for interpersonal relationships by Puncsky Individual Developers. A cross-site scripting vulnerability exists in versions prior to touchbase.ai 2.0, which can be exploited by an attacker to inject an HTML payload, resulting in damage, user redirection to a...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-4740
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150...
CVE-2020-9743
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...