8 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-8405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could hav...
EUVD-2025-34934
Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
PT-2025-25345 · Citizen · Citizen
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1. Description: The issue arises from the insertion of various preferences messages into raw HTML, allowing editors of those messages to insert arbitrary HTML into the DOM. This could potentially lead to malicious...
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user-provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin...
Linux Distros Unpatched Vulnerability : CVE-2023-48104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. CVE-2023-48104 Note that Nessus relies on the presence of the package as reported by the vendor...
Azure Linux 3.0 Security Update: python-twisted (CVE-2024-41810)
The version of python-twisted installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41810 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. The...
PT-2023-27693 · Widestand · Widestand
Name of the Vulnerable Software and Affected Versions: WideStand versions prior to 5.3.5. Description: The issue is a reflected Cross-site Scripting (XSS) vulnerability. It generates one of the meta tags directly using the content of the queried URL, allowing an attacker to inject HTML/Javascript co...
PHPReactor 1.2.7 - Style Attribute HTML Injection
source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields. An attacker may potentially exploit this situati...