CVE-2025-65640

Cross Site Scripting XSS vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

EUVD-2021-24412

Malware in sbrugna...

UBUNTU-CVE-2023-29839

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

Kibana 7.10.2 < 7.14.1 Code Execution

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

Kibana 7.14.0 HTML Injection

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

CVE-2021-37936

A flaw was found in Kibana. This issue occurs due to Kibana not sanitizing document fields containing HTML snippets. An attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be render...

Cross-site Scripting (XSS)

kibana is vulnerable to cross-site scriptingXSS attacks. The library does not properly sanitize document fields containing HTML snippets, which allows an attacker with the ability to write documents to an elasticsearch index to inject and execute malicious JavaScript...

CVE-2021-37936

It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be render...

CVE-2021-38695

SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting XSS that allows users to store scripts in certain fields e.g. subject, description of the document form...