CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

44 matches found

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS9AI score0.99521EPSS

Exploits13References7

OSV•added 2026/03/31 11:12 p.m.•2 views

GHSA-3H6J-9X8M-RG3G Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config

Summary Graby's cleanupXss function configures htmLawed with conflicting settings: safe=1 which removes combined with 'elements' = '+iframe-meta' which re-enables . htmLawed does not sanitize the srcdoc attribute, allowing injection of arbitrary JavaScript that executes when the content is render...

5.3CVSS6AI score

Exploits0References4

Snyk•added 2026/03/31 11:12 p.m.•1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the cleanupXss function when sanitizing HTML content with conflicting htmLawed configuration options. An attacker can execute arbitrary JavaScript in the context of the affected application by injecting...

6.1CVSS6AI score

Exploits0References2

Github Security Blog•added 2026/03/31 11:12 p.m.•6 views

Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config

6AI score

Exploits0References4Affected Software1

RedhatCVE•added 2026/01/09 10:39 a.m.•14 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

9.8CVSS7.2AI score0.99521EPSS

Exploits13References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2010-4611

Malware in sbrugna...

4.3CVSS6.4AI score0.01086EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-0408

Malware in sbrugna...

4.3CVSS6.4AI score0.01292EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2010-4333

Malware in sbrugna...

4.3CVSS6.4AI score0.0112EPSS

Exploits0References6

BDU FSTEC•added 2025/03/27 12:0 a.m.•2 views

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory allows a hacker to inject arbitrary PHP code.

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary PHP code remotely...

10CVSS8.3AI score0.99521EPSS

Exploits13References3Affected Software2

Redos•added 2025/03/03 12:0 a.m.•5 views

ROS-20250303-02

Vulnerability in the htmlawed module of the GLPI computer hardware request, incident and inventory system is related to incorrect input validation in /vendor/htmlawed/htmlawed/htmlawed/htmLawedTest.php. Exploitation of the of the vulnerability could allow an attacker acting remotely to inject...

9.8CVSS7.1AI score0.99521EPSS

Exploits13

CISA KEV Catalog•added 2023/03/07 12:0 a.m.•21 views

Teclib GLPI Remote Code Execution Vulnerability

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...

9.8CVSS2.2AI score0.99521EPSS

In wildExploits13

Tenable Nessus•added 2023/01/11 12:0 a.m.•300 views

HTMLawed < 1.2.9 Command Injection (CVE-2022-35914)

Binary data htmlawedcmdinjection.nbin...

9.8CVSS9.6AI score0.99521EPSS

Exploits13References2

Tenable Nessus•added 2022/11/21 12:0 a.m.•49 views

HTMLawed < 1.2.9 Code Injection

In versions lower than 1.2.9 htmLawedTest.php in the HTMLawed module allows PHP code injection. No source data...

9.8CVSS9.8AI score0.99521EPSS

Exploits13References2

Packet Storm•added 2022/10/25 12:0 a.m.•703 views

GLPI 10.0.2 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...

9.8CVSS9.6AI score0.99521EPSS

Exploits13

Metasploit•added 2022/10/24 7:50 p.m.•999 views

GLPI htmLawed php command injection

This exploit takes advantage of a unauthenticated php command injection available from GLPI versions 10.0.2 and below to execute a command. Module Options msf use exploit/linux/http/glpihtmlawedphpinjection msf exploitglpihtmlawedphpinjection show targets ...targets... msf...

9.8CVSS9AI score0.99521EPSS

Exploits13