CVE-2025-65924
ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...
WordPress plugin Norebro Extra Security Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it can host personal blog sites on PHP and MySQL based servers. The WordPress plugin is an application plugin. A security vulnerabili...
SUSE Manager Server Security Vulnerability
SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server that stems from improper neutralization of script-related HTML tags, which could lea...
Allocation of Resources Without Limits or Throttling
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the striptags function. An attacker can cause slow performance by...
Admiror Frames Security Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0, which stems from a script in the extension that does not specify the content type, and could allow an attacker to embed HTML tags...
XWiki Commons Cross-Site Scripting Vulnerability
XWiki Commons is a technology library shared by several other top-level XWiki projects of the XWiki Foundation in France. A cross-site scripting vulnerability exists in XWiki Commons version 4.2-milestone-1, which stems from not escaping attributes that can be used to inject scripts, and not...
SUSE CVE-2012-4600
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...
spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...
w3m buffer overflow vulnerability
w3m is an open source text-based Web browser. A buffer overflow vulnerability exists in versions of w3m prior to 0.5.3-31. An attacker can exploit this vulnerability to execute arbitrary code with the help of malformed HTML tags...
DEBIAN-CVE-2007-0106
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when...