171 matches found

Positive Technologies
added 2025/08/28 12:0 a.m. · 3 views

PT-2025-35087

Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping System Advanced version 1.0
Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php file. Unsanitized user input in the f name parameter is reflected in the server response...

5.4 CVSS · 5.5 AI score · 0.00067 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-5512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...

5.7 CVSS · 5.7 AI score · 0.00296 EPSS
Exploits 0 · References 2

Snyk
added 2025/08/19 9:30 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...

5.4 CVSS · 5.5 AI score · 0.00046 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/07/29 12:0 a.m. · 3 views

PT-2025-31223 · Maptiler · Maptiler Tileserver-Php

Name of the Vulnerable Software and Affected Versions: MapTiler Tileserver-php version 2.0
Description: MapTiler Tileserver-php version 2.0 is susceptible to a Cross Site Scripting (XSS) issue. The layer GET parameter is reflected in an error message without proper HTML encoding. This allows an...

9.8 CVSS · 6.5 AI score · 0.13017 EPSS
Exploits 2 · References 8

RedhatCVE
added 2025/05/23 9:58 a.m. · 6 views

CVE-2024-27902

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

6.1 CVSS · 6.1 AI score · 0.00781 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:32 a.m. · 5 views

CVE-2023-5512

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...

5.7 CVSS · 6.3 AI score · 0.00296 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:49 p.m. · 4 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

5.4 CVSS · 6 AI score · 0.00308 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:29 p.m. · 5 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

9.6 CVSS · 7.2 AI score · 0.00252 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/15 5:14 p.m. · 7 views

CVE-2025-47280

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

6.3 CVSS · 6.7 AI score · 0.00263 EPSS
Exploits 1 · References 1

CVE
added 2025/05/13 5:6 p.m. · 33 views

CVE-2025-47280

Umbraco Forms HTML injection: The Send email workflow in Umbraco Forms (versions 7.x through just before 13.4.2 and 15.1.2) does not HTML-encode user-provided field values, allowing potential email spoofing or bypass of security checks. Affected forms can patch by updating to 13.4.2 or 15.1.2, or...

6.3 CVSS · 7 AI score · 0.00263 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2025/05/13 12:0 a.m. · 2 views

Umbraco Forms security vulnerability

Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...

6.3 CVSS · 6.3 AI score · 0.00263 EPSS
Exploits 1 · References 2

Cvelist
added 2025/02/10 10:5 p.m. · 7 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9 CVSS · 0.00274 EPSS
Exploits 0 · References 2

OSV
added 2025/02/10 10:5 p.m. · 4 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9 CVSS · 6.2 AI score · 0.00274 EPSS
Exploits 0 · References 4

OSV
added 2024/05/31 9:30 p.m. · 8 views

GHSA-VVH5-7V3M-J3MJ Moodle Unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

4.3 CVSS · 4.7 AI score · 0.00424 EPSS
Exploits 0 · References 5

NVD
added 2024/05/31 9:15 p.m. · 11 views

CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

4.3 CVSS · 6.2 AI score · 0.00424 EPSS
Exploits 0 · References 1

OSV
added 2024/05/31 9:15 p.m. · 11 views

CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

4.3 CVSS · 6.8 AI score
Exploits 0 · References 1

UbuntuCve
added 2024/05/31 9:15 p.m. · 11 views

CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

4.3 CVSS · 5.8 AI score · 0.00424 EPSS
Exploits 0 · References 2

Cvelist
added 2024/05/31 8:36 p.m. · 24 views

CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

6.1 AI score · 0.00424 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/05/31 8:36 p.m. · 16 views

CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

6.5 AI score · 0.00424 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/31 12:0 a.m. · 2 views

PT-2024-25634 · Alt Linux +1 · Alt Linux +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned.
Description: The issue concerns the site log report, which required additional encoding of event descriptions. This encoding is necessary to ensure that any HTML in the content is displayed in...

9.8 CVSS · 5.5 AI score · 0.01399 EPSS
Exploits 1 · References 47