
12 matches found

CVE
added 2026/05/14 3:5 p.m., 9 views

CVE-2026-42881

STIGQter (open-source reimplementation of DISA STIG Viewer) prior to 1.2.7 contains a vulnerability where an attacker can achieve local code execution with the user’s privileges by persuading a user to open a crafted .stigqter file and run the Export HTML action. The CVE entry and CVE List title ...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 3
EUVD
added 2026/05/14 3:5 p.m., 4 views

EUVD-2026-30305

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 2
Vulnrichment
added 2026/05/14 3:5 p.m., 3 views

CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 2
ATTACKERKB
added 2026/05/14 3:5 p.m., 5 views

CVE-2026-42881

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/05/14 12:0 a.m., 6 views

PT-2026-40946

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 3
Cvelist
added 2026/01/15 3:52 p.m., 20 views

CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...

CVSS 6.1 | EPSS 0.00031
Exploits 1 | References 4
CNNVD
added 2024/07/26 12:0 a.m., 1 views

Solar-Log 1000 Security Vulnerability

Solar-Log 1000 is a solar photovoltaic data logger from the German company Solar-Log. A security vulnerability exists in Solar-Log 1000 versions prior to v2.8.2 and 52-23.04.2013, which originates from storing plaintext passwords in the export.html, email.html and sms.html files...

CVSS 8.1 | AI score 6.7 | EPSS 0.00091
Exploits 0 | References 4
CNNVD
added 2024/05/06 12:0 a.m., 2 views

HSC Cybersecurity HC Mailinspector Path Traversal Vulnerability

HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A path traversal vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through v.5.2.18, which stems from an unauthenticated path traversal vulnerability in mliRealtimeEmails.php,...

CVSS 5.4 | AI score 6.7 | EPSS 0.01695
Exploits 1 | References 2
Cvelist
added 2024/05/06 12:0 a.m., 11 views

CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...

AI score 6.4 | EPSS 0.01695
Exploits 1 | References 1
Tenable Nessus
added 2023/03/08 12:0 a.m., 6 views

Atlassian Jira 8.14.0 < 8.17.0 Export HTML Report Cross-Site Scripting

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.12 or 8.14.x prior to 8.16.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripti...

CVSS 5.4 | AI score 6 | EPSS 0.00473
Exploits 0 | References 2
OSV
added 2021/07/20 4:15 a.m., 1 views

CVE-2021-26083

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability...

CVSS 5.4 | AI score 6.2
Exploits 0 | References 1
Atlassian
added 2021/03/15 12:53 a.m., 35 views

The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Export HTML Report feature. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before...

CVSS 5.4 | AI score 3.1 | EPSS 0.00473
Exploits 0 | Affected Software 1