CVE-2020-5905
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network WCCP page, the system does not sanitize all user-provided data before display...
CVE-2020-35909
An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...
CVE-2019-15016
An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database...
Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
Colorbox is a module that allows images, and iframed or inline content, to be displayed in a modal above the current page. The Colorbox module doesn't sufficiently sanitize data attributes before opening modals. This vulnerability is mitigated by the fact that an attacker must have a role with...
CVE-2025-28253
This CVE entry is rejected and not used; it does not represent an active vulnerability.
SUSE CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-45060
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...
Cross-Site Scripting (XSS)
twig/twig is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of output escaping for the expression on the left side of the ?? operator in Twig, which allowed unsanitized data to be rendered in the output...
CVE-2022-4975
A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...
CVE-2022-4975 Rhacs: cross-site scripting in portal
A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...
PT-2025-1377 · Red Hat · Red Hat Advanced Cluster Security
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Security RHACS affected versions not specified Description: A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the...
CVE-2024-43738
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web...
CVE-2024-43712
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitize...
CVE-2024-50362
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
CVE-2024-11003
Qualys-identified vulnerability in needrestart (before version 3.8): unsanitized input passed to Modules::ScanDeps can allow a local user to run arbitrary shell commands. The root cause is unsafe data handling by needrestart feeding Modules::ScanDeps, enabling command execution on the host with l...