CVE-2025-1985 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability

Due to improper neutralization of input during web page generation XSS an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device...

CVE-2024-21838

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

CVE-2024-6558

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by hos...

CVE-2024-51182

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...

CVE-2023-45206

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

CVE-2023-37908

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

CVE-2023-28648

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVE-2020-22839

Reflected cross-site scripting vulnerability XSS in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter...

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVE-2019-10741

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within digitally signed reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an...

Cross-Site Scripting (XSS)

@lumieducation/h5p-server is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the omission of the sanitizeHtml function call for plain text strings, which allows attackers to inject malicious HTML or JavaScript code...

GHSA-X82R-6J37-VRGG Pimcore's Admin Classic Bundle allows HTML Injection

Summary An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details The vulnerability was discovered in the...

Pimcore's Admin Classic Bundle allows HTML Injection

Summary An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details The vulnerability was discovered in the...

CVE-2025-27102

Agate (OBiBa epidemiology) is affected by an HTML injection vulnerability in user signup that allows arbitrary HTML to be injected into a user’s first/last name and rendered in the admin email, enabling phishing risk targeting administrative users. The issue exists in versions prior to 3.3.0 and ...

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

Firefox 135.0.1 Download Stresser

Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...

IBM Aspera Shares HTML Injection Vulnerability

IBM Aspera Shares is a Web application from International Business Machines IBM. IBM Aspera Shares suffers from an HTML injection vulnerability. The vulnerability stems from the application's lack of valid filtering and escaping of user-supplied data, which can be exploited by an attacker to inje...