Lucene search
+L

15893 matches found

EUVD
EUVD
added 2026/06/30 8:19 p.m.7 views

EUVD-2025-210381

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS5.8AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 10:16 a.m.8 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:53 a.m.7 views

EUVD-2026-40270

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:53 a.m.33 views

CVE-2026-6953 Multiple vulnerabilities in Intermark IT's WebControl CMS

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS0.0036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:53 a.m.7 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53976

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An HTML injection flaw allows a remote attacker to inject malicious HTML code. When this code is viewed, it is executed in the victim's web browser within the security...

5.7CVSS6.1AI score0.00407EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 6:50 p.m.4 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS6AI score0.00405EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.121 views

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

10CVSS8.1AI score0.9348EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
NVD
NVD
added 2026/06/25 3:16 p.m.16 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.13 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:31 p.m.37 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 2:31 p.m.8 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 2:31 p.m.4 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS5.9AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS0.00483EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, failed to sanitize the input before writing it into the PostScript header. An attacker can provide a...

5.7CVSS7.3AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.12 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 11:53 a.m.25 views

CVE-2026-56761

CVE-2026-56761 affects the hono framework prior to 4.12.14, where server-side rendering of JSX allows HTML injection through malformed attribute names. Attackers can craft attribute keys containing characters like quotes or angle brackets, breaking tag boundaries and injecting unintended attribut...

5.3CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56761 hono - HTML Injection via Improper JSX Attribute Name Handling in SSR

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6.1AI score0.00174EPSS
Exploits0References4
Rows per page
Query Builder