158 matches found
CVE-2024-55976
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection. This issue affects Critical Site Intel: from n/a through = 1.0...
CVE-2024-47115
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input...
CVE-2024-49664
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in allows Reflected XSS. This issue affects chatplusjp: from n/a through 1.02...
CVE-2024-39668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS. This issue affects Extensions for Elementor: from n/a through 2.0.31...
PT-2024-26966 · Verint · Verint
Name of the Vulnerable Software and Affected Versions: Verint affected versions not specified
Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which can lead to basic cross-site scripting (XSS).
Recommendations: At the moment, there is no...
CVE-2024-35713
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS. This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...
PT-2024-24675 · Knight · Knight Lab Timeline
Name of the Vulnerable Software and Affected Versions: Knight Lab Timeline versions 3.9.3.4 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks.
Recommendations: For...
PT-2024-19085 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions:
Gallagher Command Centre versions 8.60 and prior
Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 MR6
Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 MR4
Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 MR...
PT-2023-13999 · Unknown · Export Users Data Csv
Name of the Vulnerable Software and Affected Versions: Export Users Data CSV versions through 2.1
Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects the Export Users Data CSV.
Recommendations: For versions through 2.1, update to a...
PT-2023-20408 · Unknown · Wpomnia Kb Support
Name of the Vulnerable Software and Affected Versions: WPOmnia KB Support versions 1.5.84 and earlier
Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects WPOmnia KB Support.
Recommendations: For versions 1.5.84 and earlier, update to a...
Zoom Client Injection Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability previously existed in Zoom Desktop Client for Windows and Zoom VDI Client version 5.15.2, which stemmed from improper neutralization of special elements...
PT-2023-25058 · Unknown · Fossbilling
Name of the Vulnerable Software and Affected Versions: fossbilling/fossbilling versions prior to 0.5.3
Description: The issue concerns improper neutralization of formula elements in a CSV file. This problem affects the GitHub repository fossbilling/fossbilling.
Recommendations: For versions prior...
The vulnerability of the implementation of the remote_agent.php script in the network monitoring software Cacti allows a perpetrator to execute arbitrary commands.
The vulnerability in the remote_agent.php script implementation of the Cacti network monitoring software is related to a failure to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2021-42535
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage...
PT-2022-14864 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: inventree versions prior to 0.7.2
Description: The issue is related to the improper neutralization of formula elements in a CSV file. This problem affects the inventree GitHub repository.
Recommendations: For versions prior to 0.7.2, update t...
CVE-2021-4097
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences...
CVE-2021-20844
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...
CVE-2021-29679
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915...