Lucene search
K

560 matches found

EUVD
EUVD
added 2026/03/05 8:6 p.m.9 views

EUVD-2026-9870

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.8AI score0.00223EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 8:6 p.m.27 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS0.00223EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 8:6 p.m.4 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.7AI score0.00223EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/25 7:7 p.m.14 views

changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

Summary Three security vulnerabilities were identified in changedetection.io through source code review and live validation against a locally deployed Docker instance. All vulnerabilities were confirmed exploitable on the latest version 0.53.6 it was additionally validated at scale against 500...

6.1CVSS5.7AI score0.00445EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/05 6:16 p.m.10 views

AZL-77064 CVE-2025-58190 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76845 CVE-2025-47911 affecting package cri-o for versions less than 1.22.3-20

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 4:49 a.m.4 views

CVE-2026-25200

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1...

9.8CVSS5.4AI score0.00494EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/01/27 12:52 a.m.7 views

SUSE CVE-2017-18892

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...

6.1CVSS5.9AI score0.0069EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : dotnet6.0-6.0.105-1.el8.ML.1 (AXSA:2022-3729:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3729:08 advisory. dotnet: excess memory allocation via HttpClient causes DoS CVE-2022-23267 dotnet: malicious content causes high CPU and memory usage CVE-2022-29117...

7.5CVSS7.5AI score0.05041EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 7 : gcc-4.8.5-44.0.1.el7.AXS7 (AXSA:2025-9920:15)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9920:15 advisory. CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code CVEs: CVE-2020-11023 In jQuery versions great...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:33 a.m.6 views

CVE-2017-18892

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...

6.1CVSS6.8AI score0.0069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.8 views

CVE-2023-50167

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content...

6.1CVSS6AI score0.00298EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 9:30 a.m.3 views

GHSA-7WWV-79XW-RVVG Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS5.9AI score0.00327EPSS
Exploits0References5
NVD
NVD
added 2025/12/31 6:15 a.m.5 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS0.00245EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:36 a.m.7 views

Cross-site Scripting (XSS)

Pyhtml2pdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to lack of validation of user-supplied HTML content, which allows an attacker to access and retrieve arbitrary local files...

7.5CVSS7.5AI score0.00695EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/11/03 4:35 p.m.13 views

CVE-2025-10280 Incorrect Content Type Cross-Site Scripting Vulnerability

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a...

7.1CVSS0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/11/03 4:35 p.m.5 views

CVE-2025-10280

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a...

7.1CVSS5.3AI score0.00198EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.7 views

PT-2025-44786

Name of the Vulnerable Software and Affected Versions IdentityIQ versions 8.5 IdentityIQ versions 8.4 through 8.4p3 IdentityIQ versions 8.3 through 8.3p5 versions prior to 8.3p6 Description The software allows certain web services providing non-HTML content to be accessed through a URL that...

7.1CVSS6AI score0.00198EPSS
Exploits0References4
OSV
OSV
added 2025/10/27 9:19 p.m.8 views

CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...

5.1CVSS6.8AI score0.00168EPSS
Exploits0References4
Veracode
Veracode
added 2025/10/22 7:10 a.m.7 views

Stored Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the remote app title field, which allows an attacker to inject arbitrary web scripts or HTML content that can be executed in a user’s browser...

5.4CVSS5.7AI score0.002EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder