Lucene search

128 matches found

RedhatCVE
added 2025/05/22 4:43 p.m. · 3 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1 CVSS · 6.5 AI score · 0.00313 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:12 a.m. · 6 views

CVE-2012-2573

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...

4.3 CVSS · 5.9 AI score · 0.00426 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 6:7 p.m. · 4 views

CVE-1999-0264

htmlscript CGI program allows remote read access to files...

5 CVSS · 6.9 AI score · 0.04089 EPSS
Exploits 0 · References 1

NVD
added 2025/05/01 7:15 p.m. · 11 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1 CVSS · 0.00134 EPSS
Exploits 0 · References 2

NVD
added 2025/02/10 4:15 p.m. · 4 views

CVE-2025-24892

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

5.4 CVSS · 0.01269 EPSS
Exploits 0 · References 4

CVE
added 2025/02/10 3:46 p.m. · 55 views

CVE-2025-24892

CVE-2025-24892 affects OpenProject prior to 15.2.1, where the Group Management UI fails to sanitize user input, allowing HTML/script content in groups to be rendered in a project (stored HTML injection). The issue is resolved in OpenProject 15.2.1. If upgrading isn’t possible, a patch is availabl...

5.4 CVSS · 3.8 AI score · 0.01269 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2025/02/10 12:0 a.m. · 5 views

PT-2025-6068 · Unknown · Openproject

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 15.2.1 Description: The issue arises from the application's failure to properly sanitize user input before displaying it in the Group Management section. Specifically, groups created with HTML script tags are not...

3.5 CVSS · 7 AI score · 0.01269 EPSS
Exploits 0 · References 7

NVD
added 2024/03/13 3:15 p.m. · 8 views

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

7.2 CVSS · 7.2 AI score · 0.01044 EPSS
Exploits 0 · References 2

OSV
added 2024/02/27 12:32 a.m. · 10 views

GHSA-7P7Q-FJFW-V3GF Bagisto Cross-Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in Bagisto before v.1.3.2 allows an attacker to execute arbitrary code via a crafted HTML script...

8.8 CVSS · 8.8 AI score · 0.00183 EPSS
Exploits 1 · References 5

ATTACKERKB
added 2024/02/26 10:15 p.m. · 1 views

CVE-2023-36237

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...

8.8 CVSS · 7.7 AI score · 0.00183 EPSS
Exploits 1 · References 2

OSV
added 2024/02/26 10:15 p.m. · 5 views

CVE-2023-36237

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...

8.8 CVSS · 8.8 AI score
Exploits 0 · References 1

Prion
added 2024/02/26 10:15 p.m. · 11 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...

7.8 AI score · 0.00183 EPSS
Exploits 1 · References 1

Cvelist
added 2024/02/26 12:0 a.m. · 12 views

CVE-2023-36237

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...

7.4 AI score · 0.00183 EPSS
Exploits 1 · References 1

SUSE CVE
added 2023/02/15 5:26 a.m. · 2 views

SUSE CVE-2014-7929

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact...

7.5 CVSS · 9.5 AI score · 0.03243 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...

7.5 CVSS · 9.7 AI score · 0.01073 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/10/26 12:0 a.m. · 4 views

CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

5.4 CVSS · 7.1 AI score · 0.01199 EPSS
Exploits 1 · References 5

Veracode
added 2021/11/05 5:14 a.m. · 16 views

Remote Code Execution (RCE)

librenms is vulnerable to remote code execution. A lack of sanitization of user input via the widget title allows an attacker to inject malicious html script or js code into the system...

6.1 CVSS · 3.2 AI score · 0.00003 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/07/14 12:0 a.m. · 2 views

Palo Alto Networks Prisma Cloud Cross-Site Scripting Vulnerability

Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. that provides cloud security services. Prisma Cloud Compute suffers from a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data. A...

7.5 CVSS · 6.5 AI score · 0.00218 EPSS
Exploits 0 · References 3

NVD
added 2020/09/24 3:15 p.m. · 13 views

CVE-2020-12817

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors...

8.8 CVSS · 0.00435 EPSS
Exploits 0 · References 1

Veracode
added 2020/07/28 4:58 a.m. · 30 views

Cross-site Scripting (XSS)

kibana is susceptible to cross-site scripting (XSS). The vulnerability allows a user with privilege to edit or create a region map visualization to inject malicious HTML script via region map visualization feature, leading to sensitive information leakage and perform malicious action on behalf of...

6.7 CVSS · 6.3 AI score · 0.01201 EPSS
Exploits 0 · References 6 · Affected Software 1