
15791 matches found

CVE
added 1 hour ago, 1 view

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)...

6 AI score
Exploits 0, References 2
EUVD
added 2 hours ago, 2 views

EUVD-2025-210381

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7 CVSS, 5.8 AI score
Exploits 0, References 2
CVE
added 3 hours ago, 5 views

CVE-2025-36321

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7 CVSS, 5.8 AI score
Exploits 0, References 1
NVD
added 13 hours ago, 7 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1 CVSS
Exploits 0, References 1
EUVD
added 14 hours ago, 4 views

EUVD-2026-40270

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1 CVSS, 5.8 AI score
Exploits 0, References 1
Cvelist
added 14 hours ago, 4 views

CVE-2026-6953 Multiple vulnerabilities in Intermark IT's WebControl CMS

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1 CVSS
Exploits 0, References 1
ATTACKERKB
added 14 hours ago, 3 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1 CVSS, 5.8 AI score
Exploits 0, References 2
Nuclei
added 18 hours ago, 36 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1 CVSS, 6.6 AI score, 0.02482 EPSS
Exploits 1, References 2
Nuclei
added 18 hours ago, 10 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

6.1 CVSS, 7.1 AI score, 0.01843 EPSS
Exploits 1, References 2
Nuclei
added yesterday, 27 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3 CVSS, 5.8 AI score, 0.08732 EPSS
Exploits 1, References 5
Nuclei
added 2 days ago, 56 views

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

10 CVSS, 8.1 AI score, 0.9348 EPSS
Exploits 1, References 2
NVD
added 5 days ago, 6 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3 CVSS, 0.00345 EPSS
Exploits 0, References 1
NVD
added 5 days ago, 9 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2 CVSS, 0.0033 EPSS
Exploits 0, References 1
Cvelist
added 5 days ago, 32 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1 CVSS, 0.00248 EPSS
Exploits 0, References 1
IBM Security Bulletins
added 6 days ago, 4 views

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection [CVE-2023-38007].

Summary: IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

5.4 CVSS, 5.9 AI score, 0.00212 EPSS
Exploits 0, Affected Software 1
NVD
added 6 days ago, 9 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8 CVSS, 0.00483 EPSS
Exploits 0, References 4
NVD
added 6 days ago, 9 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3 CVSS, 0.00174 EPSS
Exploits 0, References 2
CVE
added 6 days ago, 14 views

CVE-2026-56761

CVE-2026-56761 affects the hono framework prior to 4.12.14, where server-side rendering of JSX allows HTML injection through malformed attribute names. Attackers can craft attribute keys containing characters like quotes or angle brackets, breaking tag boundaries and injecting unintended attribut...

5.3 CVSS, 6 AI score, 0.00174 EPSS
Exploits 0, References 2, Affected Software 1
Tenable Nessus
added 6 days ago, 7 views

pgAdmin < 9.16 HTML Injection (CVE-2026-12047)

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by an HTML injection vulnerability: - Cloud deployment endpoints forward SDK exception text directly into JSON fields without HTML-encoding. The Cloud Wizard frontend renders these responses through...

5.4 CVSS, 6 AI score, 0.00161 EPSS
Exploits 0, References 3
NVD
added 2026/06/23 9:17 p.m., 6 views

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4 CVSS, 0.00288 EPSS
Exploits 0, References 1