127 matches found
CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...
CVE-2025-40894
CVE-2025-40894 describes a Stored HTML Injection in the Alerted Nodes Dashboard due to improper input validation. A logged-in user with required privileges can edit a node label to inject HTML, which may render in a victim’s browser if alerts exist for that node, enabling phishing and potentially...
PT-2026-22914
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...
CVE-2026-26953
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...
CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...
FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9940e7-071c-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service...
CVE-2026-25764 OpenProject vulnerable to Stored HTML injection
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...
CVE-2024-34697
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
CVE-2025-68927
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
Libredesk 跨站脚本漏洞
Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...
CVE-2025-40891
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40893
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...
CVE-2025-40891
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
EUVD-2025-204261
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
PT-2025-52221
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the...
GHSA-WH6M-H6F4-RJF4 Libredesk has Improper Neutralization of HTML Tags in a Web Page
Summary LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...
EUVD-2019-4442
Malware in sbrugna...