14 matches found
Design/Logic Flaw
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates are affected unless that data is checked in a very strict manner. User input...
CVE-2024-22720
Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature...
CVE-2022-29816
In JetBrains IntelliJ IDEA before 2022.1, HTML injection into IDE messages was possible...
Portlandlabs Concrete5 Cross-Site Scripting Vulnerability
Portlandlabs Concrete5 is an open source content management system (CMS) from PortlandLabs, Inc. A cross-site scripting vulnerability exists in Portlandlabs Concrete5 concrete5-legacy 5.6.4.0 and prior versions, which remote attackers can exploit via the "cID" parameter to inject arbitrary web scri...
DomainMOD <= 4.09.03 Multiple Vulnerabilities
DomainMOD is prone to multiple cross-site scripting (XSS) vulnerabilities.
XSS Vulnerability in strip_tags helper in rails/actionpack
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an inval...
Shopify: Reflected XSS in cart at hardware.shopify.com
There is a reflected XSS at hardware.shopify.com in cart section. As there is no CSRF protection for adding products to a cart, this one is a legitimate cross-user reflected XSS/HTML injection. Reproduction: 1. Go to http://hardware.shopify.com/collections/gift-cards/products/custom-gift-card 2...
Swiki 1.5 - HTML Injection and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28680/info Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
Novell iPrint Client ActiveX Control <= 5.52 Buffer Overflow
No description provided by source.
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field...
Simple Forum PHP Multiple Vulnerabilities
Exploit for php platform in category web applications. Exploit Title: Simple Forum PHP XSS/HTML Injection Vulnerabilities Date: August 25, 2010 Author: arnabs Software Link...
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp?activeControl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...