SUSE CVE-2026-25681
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
UBUNTU-CVE-2026-25681
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
EUVD-2026-31451
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
CVE-2026-41674
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...
CVE-2026-35453
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...
CVE-2026-1011
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...
ClearML Server Security Vulnerability
ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A security vulnerability exists in ClearML Server version 3.22.5-1533. An attacker can exploit the vulnerability to execute arbitrary html code via a specially crafted HTTP request...
Sentry Security Vulnerability
Sentry is Sentry's open source bug tracking and performance monitoring platform for developers. A security vulnerability exists in Sentry prior to version 24.7.1, which stems from a payload that can store arbitrary HTML tags on the Sentry side and can be displayed on the issue page...
GoCD Cross-Site Scripting Vulnerability
ThoughtWorks GoCD is a continuous delivery server. Versions 20.2.0 through 21.4.0 of ThoughtWorks GoCD contain a reflected cross-site scripting vulnerability that stems from an abusable function that renders arbitrary HTML into the returned page. An...
CVE-2022-24682
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...
Fortinet FortiManager and Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability
Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager and FortiAnalyzer have a cross-site scripting vulnerability that can be exploited by attackers to trick victims into...
CVE-2021-35208
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...
rubygem-will_paginate: XSS vulnerabilities
It was found that the Ruby will_paginate gem is vulnerable to an XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML, including scripting code, within the web interface...
WordPress Link Modal Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress link modal. A remote attacker can exploit this vulnerability to inje...
TheHostingTool HTML Injection Vulnerability
TheHostingTool is a set of open source free PHP-based hosting applications. TheHostingTool suffers from an HTML injection vulnerability. An attacker can exploit the vulnerability to execute arbitrary HTML or JavaScript code in the context of an affected site...
Belkin N150 Wireless Home Router HTML Injection Vulnerability
Belkin N150 Wireless Home is a wireless router product from Belkin USA. An HTML injection vulnerability exists in the Belkin N150 Wireless Home Router, which can be exploited by an attacker to execute arbitrary HTML...
CVE-2006-6249
Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2005-0966
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IR...
CVE-2005-0966
CVE-2005-0966 concerns the IRC protocol handling in Gaim (GAIM) 1.2.0 and possibly earlier. The vulnerability stems from how IRC messages are processed by the IRC protocol plugin, allowing remote attackers to inject arbitrary markup into the Gaim UI via functions such as irc_msg_kick, irc_msg_mod...