2 matches found
CVE-2025-40901
CVE-2025-40901 describes a stored HTML injection in the Credentials Manager ( Guardian/CMC ) prior to 26.1.0. The root cause is improper validation of an input parameter, allowing an administrator to define an identity containing HTML tags. When a victim deletes that identity, the injected HTML c...
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...