194 matches found
CVE-2023-23735
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
CVE-2021-35959
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...
PT-2025-15953 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions n/d through 3.4.0 Description: The issue is related to an improper neutralization of script-related HTML tags in a web page, which can lead to a basic Cross-Site Scripting (XSS) attack. This allows an attacker to inject...
WordPress plugin Better Section Navigation Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-5498 · Unknown · Listamester
Name of the Vulnerable Software and Affected Versions: Listamester versions through 2.3.4 Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Stored XSS attacks. This means an attacker can inject malicious scripts into the web...
Fortinet FortiPortal security vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in Fortinet FortiPortal that stems from an...
CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
PT-2024-36101
Name of the Vulnerable Software and Affected Versions: ARForms Form Builder versions through 1.7.1 Description: The issue is related to improper neutralization of script-related HTML tags in a web page, allowing code injection. This is a Basic XSS vulnerability that affects ARForms Form Builder,...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Django Filer code issue vulnerability
Django Filer is an open source file management application for Django from the Django CMS Association. A code issue vulnerability exists in Django Filer version 3 up to and including version 3.3, which stems from allowing unlimited uploads of dangerous types of files, improper input validation, a...
CVE-2024-51757
A flaw was found in happy-dom. This vulnerability allows remote code execution via a script tag, potentially executing code in the user context of happy-dom...
happy-dom code injection vulnerability
happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom versions prior to 15.10.2, which originates from code execution on the host via script tags, leading to code...
PT-2024-34888 · Happy-Dom · Happy-Dom
Name of the Vulnerable Software and Affected Versions: happy-dom versions prior to 15.10.2 Description: happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It may execute code on the host via a script tag, which would execute code in the user context of...
DEBIAN-CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
UBUNTU-CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
CVE-2024-44061
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS). This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14...
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
CVE-2024-2010
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2...
CVE-2024-29833
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target ...