1053 matches found
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...
EUVD-2026-40862
An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...
EUVD-2025-210355
Unauthenticated Content Injection in Auros Core = 5.3.1 versions...
CVE-2025-64637
Unauthenticated Content Injection in Auros Core = 5.3.1 versions...
CVE-2025-64637 WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Unauthenticated Content Injection in Auros Core = 5.3.1 versions...
CVE-2025-64637
CVE-2025-64637 concerns the WordPress plugin Auros Core (versions
WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Content Injection vulnerability discovered by Bonds in WordPress Plugin Auros Core versions = 5.3.1...
CVE-2026-57533
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...
CVE-2026-57535
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
CVE-2026-57534
Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...
EUVD-2026-39416
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...
CVE-2026-57534 Stored XSS in pretix-pages
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...
EUVD-2026-39412
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...
Astra Linux – Vulnerability in Rails
An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...
CVE-2026-54231
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
CVE-2026-54231
CVE-2026-54231 affects ABRT’s post-create event handler scripts in libreport. The event script reads journal entries for the crashed process and writes results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal...
CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
EUVD-2026-36640
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
PT-2026-49076
Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A content injection issue exists in the ABRT post-create event handler scripts within libreport. The event script retrieves log entries from the systemd journal for crashed processes and...