Lucene search
K

305 matches found

CVE
CVE
added 2026/02/12 10:48 p.m.10 views

CVE-2019-25323

Heatmiser Netmonitor v3.03 is affected by an HTML injection in the outputSetup.htm page via the outputtitle parameter. The vulnerability allows an attacker to craft POST requests to inject arbitrary HTML and potentially alter the web interface’s displayed content. The CVE description specifies a ...

6.1CVSS6AI score0.0022EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.4 views

CVE-2019-25323 Heatmiser Netmonitor 3.03 - HTML Injection

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and...

6.1CVSS6AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2026/02/11 7:15 p.m.6 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/10 7:22 p.m.4 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

5.4CVSS5.6AI score0.00203EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 8:15 p.m.15 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

5.4CVSS0.00203EPSS
Exploits1References4
NVD
NVD
added 2026/02/03 7:16 p.m.8 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

6.1CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 7:9 p.m.5 views

EUVD-2026-5183

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.3 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.11 views

Cacti security vulnerabilities

Cacti is a set of open-source network traffic monitoring and analysis tools developed by the Cacti team. This tool retrieves data using SNMPGet, generates graphs with RRDTool for analysis, and provides features for data management and user administration. Cacti versions 1.2.29 and earlier contain...

5.4CVSS5.8AI score0.002EPSS
Exploits1References2
OSV
OSV
added 2026/01/28 4:16 p.m.3 views

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

8.8CVSS5.9AI score0.0046EPSS
Exploits0References3
NVD
NVD
added 2026/01/21 11:15 p.m.5 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

6.3CVSS0.00243EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/20 12:9 p.m.26 views

CVE-2026-1183 HTML injection in multiple Botble products

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter...

5.1CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 11:53 a.m.20 views

CVE-2025-40679 HTML injection in Isshue from Bdtask

HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...

5.1CVSS0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.5 views

CVE-2023-4393

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...

6.1CVSS6.8AI score0.00309EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/07 7:28 p.m.3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview preact is a fast 3kB alternative to React with the same modern API. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' during rendering in the vnode constructor. An attacker can inject arbitrary HTML or execute scripts by...

9.2CVSS6.8AI score0.00227EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/27 12:4 a.m.3 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6CVSS6.6AI score0.00193EPSS
Exploits1References2
NVD
NVD
added 2025/12/26 3:15 p.m.4 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 2:22 p.m.4 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.2AI score0.00166EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

Kentico Xperience HTML Injection Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...

6.1CVSS6.1AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 7:35 p.m.3 views

CVE-2021-47737 CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...

5.4CVSS6.6AI score0.00244EPSS
Exploits1References4
Rows per page
Query Builder