146 matches found
Perfex CRM Cross-Site Scripting Vulnerability
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...
CVE-2025-59524
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation, for example, with an intercepting proxy or by...
CVE-2024-55059
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...
CVE-2023-6046
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed...
CVE-2023-27775
A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload...
CVE-2022-2099
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-26049
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...
CVE-2019-12863
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 allows Stored HTML Injection by administrators via the Web Console Settings screen...
CVE-2024-34398
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers...
BMC Remedy Mid Tier Security Vulnerability
BMC Remedy Mid Tier is an application from BMC USA, Inc. It is used to act as a client for the Remedy AR System server and a server for the browser. A security vulnerability exists in BMC Remedy Mid Tier version 7.6.04 that originates from allowing an authenticated, remote attacker to perform...
CVE-2024-34398
The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...
GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-55059
CVE-2024-55059 concerns HTML injection in the PHPGurukul Online Birth Certificate System v1.0, triggered by input submitted to /user/certificate-form.php. Connected sources consistently describe the vulnerability as arising from insufficient filtering/escaping of user data, allowing injection of ...
CVE-2024-9174
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...
CVE-2024-9174 Stored HTML Injection in Hubshare social module
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...