Lucene search
+L

316 matches found

Veracode
Veracode
added 2025/12/02 1:9 p.m.9 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...

6.3CVSS7AI score0.00418EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/12/01 9:14 a.m.6 views

Cross-site Scripting (XSS)

mailgen is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in the generatePlaintext method, which fails to remove HTML tags provided as encoded entities, allowing an attacker to inject malicious HTML or JavaScript that can execute when the resulting...

6.3CVSS6.7AI score0.00395EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/27 11:4 a.m.2 views

CVE-2025-13742 Limited HTML injection in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.7AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 1:50 a.m.17 views

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

3.9CVSS0.00118EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/12 1:6 p.m.9 views

CVE-2025-41104

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'customfield1' in '/estimaterequests/saveestimaterequest'...

5.4CVSS7.3AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/11/12 12:0 a.m.15 views

CVE-2025-63419

Summary: CVE-2025-63419 affects CrushFTP 11.3.6_48. The web-based server’s file sharing feature reflects the filename into an emailBody field without sanitization, enabling HTML injection through an XSS vulnerability. Affected: CrushFTP Web-Based Server (CrushFTP 11.3.6_48). Impact/Notes: XSS via...

6.1CVSS5.5AI score0.00229EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/11/11 1:15 p.m.8 views

CVE-2025-41103

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 12:21 p.m.15 views

CVE-2025-41106

An HTML injection flaw is present in Fairsketch’s RISE CRM Framework v3.8.1 (CVE-2025-41106). The root cause is insufficient validation of user input, enabling HTML code injection via a POST to /clients/save_contact/ with the first_name parameter. Affected product: Fairsketch RISE CRM Framework; ...

5.4CVSS6.9AI score0.00167EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/11 12:16 p.m.18 views

CVE-2025-41103

CVE-2025-41103: HTML injection in Fairsketch’s RISE CRM Framework v3.8.1 due to insufficient validation of user input in the POST parameter reply_message of /messages/reply. This is a client-facing input validation flaw that enables injection of HTML content into responses. The CVE is corroborate...

5.4CVSS6.9AI score0.00158EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/11 12:15 p.m.4 views

CVE-2025-41102

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'...

5.4CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.9 views

PT-2025-46333

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'...

5.1CVSS7.3AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/07 3:11 a.m.8 views

EUVD-2025-37860

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.4AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 9:15 p.m.7 views

CVE-2025-33110

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 8:43 p.m.5 views

CVE-2025-33110 IBM OpenPages Vulnerable to HTML Injection

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.2AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.9 views

PT-2025-45374

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/16 4:56 p.m.15 views

CVE-2025-62380

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS7.5AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 8:41 p.m.18 views

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS7.2AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 5:16 p.m.6 views

CVE-2025-62380

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS0.00418EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/14 7:49 p.m.9 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...

6.3CVSS7.4AI score0.00395EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.1 views

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS6.8AI score0.00395EPSS
Exploits0References2
Rows per page
Query Builder