1007 matches found

Tenable Nessus
added 2025/02/11 12:0 a.m., 16 views

RHEL 9 : doxygen (RHSA-2025:1329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1329 advisory. Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is...

6.9 CVSS, 7.4 AI score, 0.3466 EPSS
Exploits 6, References 5

RedhatCVE
added 2025/02/08 5:18 p.m., 3 views

CVE-2024-39272

A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

9 CVSS, 6.2 AI score, 0.00635 EPSS
Exploits 0, References 1

NVD
added 2025/02/06 5:15 p.m., 8 views

CVE-2024-39272

A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

9 CVSS, 0.00635 EPSS
Exploits 0, References 2

CVE
added 2025/02/06 4:47 p.m., 56 views

CVE-2024-39272

CVE-2024-39272 affects ClearML Enterprise Server 3.22.5-1533. The issue is a cross-site scripting (XSS) vulnerability in the dataset upload functionality, allowing an attacker with an existing ClearML account to upload HTML files which can execute JavaScript in the browser of an authenticated use...

9 CVSS, 6.6 AI score, 0.00635 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2025/02/06 4:47 p.m., 9 views

CVE-2024-39272

A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

9 CVSS, 0.00635 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/06 3:53 a.m., 4 views

CVE-2021-39946

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...

8.7 CVSS, 5.6 AI score, 0.00185 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/05 8:28 a.m., 5 views

CVE-2024-47002

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker...

8.7 CVSS, 7.2 AI score, 0.08407 EPSS
Exploits 1, References 1

Cvelist
added 2025/01/29 12:0 a.m., 8 views

CVE-2024-51182

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...

0.0026 EPSS
Exploits 1, References 1

NVD
added 2025/01/15 3:15 p.m., 5 views

CVE-2024-47002

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker...

8.7 CVSS, 0.08407 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/01/15 2:59 p.m., 9 views

CVE-2024-47002

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker...

8.7 CVSS, 7.5 AI score, 0.08407 EPSS
Exploits 1, References 1

Cvelist
added 2025/01/15 2:59 p.m., 10 views

CVE-2024-47002

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker...

8.7 CVSS, 0.08407 EPSS
Exploits 1, References 1

CNNVD
added 2025/01/15 12:0 a.m., 2 views

Observium cross-site scripting vulnerability

Observium is a free server monitoring platform from Observium UK. Written in PHP, the platform is an auto-discovery SNMP-based network monitoring platform that supports a very wide range of network hardware and operating systems, including Cisco, Windows, Linux, HP, NetApp, and more. A cross-site...

8.7 CVSS, 8.1 AI score, 0.08407 EPSS
Exploits 1, References 2

Talos
added 2025/01/15 12:0 a.m., 21 views

Observium vlan html code injection vulnerability

Talos Vulnerability Report TALOS-2024-2091 Observium vlan html code injection vulnerability January 15, 2025 CVE Number CVE-2024-47002 SUMMARY A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitra...

8.7 CVSS, 8.3 AI score, 0.08407 EPSS
Exploits 1

CVE
added 2024/12/18 4:7 p.m., 45 views

CVE-2024-41752

CVE-2024-41752 affects IBM Cognos Analytics. The vulnerability is an HTML injection in IBM Cognos Analytics versions 11.2.0–11.2.4 and 12.0.0–12.0.3, which could allow a remote attacker to inject HTML that renders in a victim’s browser under the hosting site’s security context. The connected IBM ...

6.1 CVSS, 5.6 AI score, 0.00082 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2024/10/15 1:15 p.m., 11 views

CVE-2024-48279

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request...

7.6 CVSS, 0.0094 EPSS
Exploits 1, References 1

CVE
added 2024/10/15 12:0 a.m., 52 views

CVE-2024-48279

PHPGurukul User Registration & Login and User Management System 3.2 has a HTML Injection vulnerability in /search-result.php. The searchkey parameter (POST) allows remote attackers to inject/execute arbitrary HTML. Root cause is not detailed beyond this; CVSS v3.1 vector indicates high impact wit...

7.6 CVSS, 8.1 AI score, 0.0094 EPSS
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2024/10/15 12:0 a.m., 11 views

CVE-2024-48279

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request...

7.9 AI score, 0.0094 EPSS
Exploits 1, References 1

CVE
added 2024/10/11 12:0 a.m., 51 views

CVE-2024-48938

Znuny vulnerable versions: 6.5.1–6.5.10 and 7.0.1–7.0.16. Root cause: DoS/ReDoS via parsing email content when HTML is copied from Microsoft Word, leading to high CPU usage and blocking the parsing process. Impact: potential denial of service. Exploitation details are not provided in the connecte...

7.5 CVSS, 7 AI score, 0.00699 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2024/10/11 12:0 a.m., 9 views

CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

6.8 AI score, 0.00699 EPSS
Exploits 0, References 3

CVE
added 2024/10/07 8:34 p.m., 56 views

CVE-2024-43362

CVE-2024-43362 affects Cacti: the fileurl parameter used when saving external links is not properly sanitized, causing stored XSS via HTML injected in links.php, print in index.php, and related pages. The issue arises from unsanitized user input and has been mitigated in Cacti release 1.2.28. Ope...

7.3 CVSS, 6.1 AI score, 0.05453 EPSS
Exploits 1, References 2, Affected Software 1