27 matches found
CVE-2026-42841
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...
CVE-2026-28338
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
CVE-2026-28338
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 30 XSS
According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site scripting XSS vulnerability in the Calendar feature, as exploited in the wild starting in December 2021. An attacker can place HTML containing executable JavaScript inside element attributes. Th...
CVE-2022-25772
A cross-site scripting XSS vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript...
Cross site scripting
A cross-site scripting XSS vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript...
Mautic Cross-Site Scripting Vulnerability (CNVD-2022-66676)
Mautic is a marketing automation software. A cross-site scripting vulnerability exists in versions of Mautic prior to 4.3.0. The vulnerability stems from the failure of the installer logic to adequately filter the input of installation information, which could be exploited to inject executable...
CVE-2021-27914
A cross-site scripting XSS vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...
CVE-2021-27914
A cross-site scripting XSS vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...
Cross site scripting
A cross-site scripting XSS vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...
CVE-2021-35208
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...
ckeditor4 vulnerable to cross-site scripting
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
CVE-2021-33829
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
CVE-2021-33829
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
Cross site scripting
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-35124
A cross-site scripting XSS vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...