146 matches found

CNNVD
added 2025/09/29 12:0 a.m., 3 views

Perfex CRM Cross-Site Scripting Vulnerability

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

6.1 CVSS, 6.1 AI score, 0.00221 EPSS
Exploits 0, References 1

NVD
added 2025/09/24 6:15 p.m., 7 views

CVE-2025-59524

Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation, for example with an intercepting proxy or by...

7.7 CVSS, 0.00326 EPSS
Exploits 1, References 3

RedhatCVE
added 2025/05/23 6:19 a.m., 8 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

6.1 CVSS, 6.9 AI score, 0.00195 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/23 4:58 a.m., 6 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS, 6.5 AI score, 0.0043 EPSS
Exploits 2

RedhatCVE
added 2025/05/23 3:33 a.m., 8 views

CVE-2023-27775

A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload...

5.4 CVSS, 7.6 AI score, 0.00672 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 11:39 p.m., 5 views

CVE-2022-2099

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...

4.8 CVSS, 7 AI score, 0.00559 EPSS
Exploits 2, References 1

RedhatCVE
added 2025/05/22 4:18 p.m., 9 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4 CVSS, 7.2 AI score, 0.00607 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 4:12 p.m., 6 views

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

6.1 CVSS, 7.5 AI score, 0.01274 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 7:57 a.m., 6 views

CVE-2019-12863

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 allows Stored HTML Injection by administrators via the Web Console Settings screen...

4.8 CVSS, 7 AI score, 0.01076 EPSS
Exploits 1, References 1

OSV
added 2025/03/12 5:15 p.m., 3 views

CVE-2024-34398

An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers...

4.2 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits 0, References 1

CNNVD
added 2025/03/12 12:0 a.m., 3 views

BMC Remedy Mid Tier Security Vulnerability

BMC Remedy Mid Tier is an application from BMC USA, Inc. It is used to act as a client for the Remedy AR System server and a server for the browser. A security vulnerability exists in BMC Remedy Mid Tier version 7.6.04 that originates from allowing an authenticated, remote attacker to perform...

4.2 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits 0, References 1

CVE
added 2025/03/12 12:0 a.m., 42 views

CVE-2024-34398

The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...

4.2 CVSS, 7 AI score, 0.00228 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2025/01/02 10:43 p.m., 5 views

GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

5.2 CVSS, 6.2 AI score, 0.00396 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/01/02 5:27 p.m., 5 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

5.2 CVSS, 7.2 AI score, 0.00396 EPSS
Exploits 1, References 1

OSV
added 2025/01/02 5:27 p.m., 6 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

5.2 CVSS, 6.8 AI score, 0.00396 EPSS
Exploits 1, References 3

NVD
added 2024/12/17 9:15 p.m., 20 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

6.1 CVSS, 0.00195 EPSS
Exploits 1, References 1

CVE
added 2024/12/17 12:0 a.m., 48 views

CVE-2024-55059

CVE-2024-55059 concerns HTML injection in the PHPGurukul Online Birth Certificate System v1.0, triggered by input submitted to /user/certificate-form.php. Connected sources consistently describe the vulnerability as arising from insufficient filtering/escaping of user data, allowing injection of ...

6.1 CVSS, 7.1 AI score, 0.00195 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2024/12/17 12:0 a.m., 12 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

0.00195 EPSS
Exploits 1, References 1

ATTACKERKB
added 2024/10/02 6:15 a.m., 4 views

CVE-2024-9174

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

6.9 CVSS, 5.4 AI score, 0.00271 EPSS
Exploits 0, References 3

Cvelist
added 2024/10/02 5:56 a.m., 23 views

CVE-2024-9174 Stored HTML Injection in Hubshare social module

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

6.9 CVSS, 0.00271 EPSS
Exploits 0, References 2