25 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. · 7 views

PT-2026-42586

Summary: A cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution ...

7.2 CVSS · 6 AI score
Exploits 0 · References 3

Positive Technologies
added 2026/04/15 12:0 a.m. · 1 view

PT-2026-33091

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

6.1 CVSS · 5.8 AI score · 0.00054 EPSS
Exploits 0 · References 3

CNNVD
added 2026/04/08 12:0 a.m. · 3 views

Frappe Framework Security Vulnerability

Frappe Framework is a metadata-driven full-stack web application framework developed by Frappe India. Both the Frappe Framework v16.0.1 and Frappe Framework v16.1.1 versions contain security vulnerabilities. These vulnerabilities stem from the insufficient cleanup of HTML provided by the Print...

9.1 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 3

OSV
added 2026/02/05 6:16 p.m. · 0 views

AZL-76950 CVE-2025-47911 affecting package kubevirt for versions less than 0.59.0-38

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS · 7.3 AI score · 0.00017 EPSS
Exploits 0 · References 1

OSV
added 2026/02/05 6:16 p.m. · 2 views

AZL-76842 CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS · 7.3 AI score · 0.00017 EPSS
Exploits 0 · References 1

UbuntuCve
added 2026/02/05 6:16 p.m. · 2 views

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS · 6.8 AI score · 0.00011 EPSS
Exploits 1 · References 9

CNNVD
added 2026/02/05 12:0 a.m. · 3 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

5.3 CVSS · 7.1 AI score · 0.00017 EPSS
Exploits 0 · References 4

RedhatCVE
added 2026/01/06 8:5 a.m. · 3 views

CVE-2025-15022

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8 CVSS · 6.3 AI score · 0.00014 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/12/15 12:0 a.m. · 3 views

PT-2025-51289

Name of the Vulnerable Software and Affected Versions: Soosyze version 2.0.0 Description: The application has a file upload issue that permits attackers to upload arbitrary HTML files containing PHP code. This broken file upload mechanism could allow attackers to view sensitive file paths and execu...

9.8 CVSS · 6.7 AI score · 0.00434 EPSS
Exploits 1 · References 8

Tenable Nessus
added 2025/08/15 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-10960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes which can affect what content is shown or hidden in the user interface to...

5.3 CVSS · 5.7 AI score · 0.00209 EPSS
Exploits 1 · References 2

RedHat Linux
added 2025/07/07 2:28 a.m. · 1 view

webkitgtk: processing malicious web content may lead to arbitrary code execution

A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system...

8.8 CVSS · 6.3 AI score · 0.00402 EPSS
Exploits 0 · References 4

OSV
added 2024/06/04 8:15 p.m. · 1 view

DEBIAN-CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

9.8 CVSS · 6.2 AI score · 0.00832 EPSS
Exploits 0 · References 1

CNNVD
added 2023/09/28 12:0 a.m. · 2 views

Generex CS141 Cross-Site Scripting Vulnerability

The Generex CS141 is a series of Ethernet adapters from the German company Generex. A cross-site scripting vulnerability exists in Generex CS141 versions prior to 2.06, which stems from allowing the upload of files containing HTML content...

6.1 CVSS · 6.1 AI score · 0.00076 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/12/13 12:0 a.m. · 5 views

PT-2022-27059 · Unknown · Csaf Provider

Name of the Vulnerable Software and Affected Versions: csaf provider versions prior to 0.8.2 Description: The issue allows for Cross-site Scripting (XSS) via a crafted CSAF document uploaded as text/html. The "upload" endpoint allows valid CSAF advisories in JSON format to be uploaded with...

5.4 CVSS · 6.4 AI score · 0.004 EPSS
Exploits 0 · References 10

CNNVD
added 2022/07/26 12:0 a.m. · 1 view

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A remote code execution vulnerability exists in versions prior to Mozilla Firefox 103, which originates from a boundary error when processing HTML content, and is exploited by an attacker to create a...

9.8 CVSS · 9.6 AI score · 0.00494 EPSS
Exploits 0 · References 6

CNNVD
added 2022/05/31 12:0 a.m. · 1 view

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that originates from a boundary error when processing HTML content. An attacker could exploit this vulnerability to execute arbitrary code o...

9.8 CVSS · 6.8 AI score · 0.00607 EPSS
Exploits 0 · References 7

RedHat Linux
added 2022/05/10 1:27 p.m. · 0 views

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...

8.8 CVSS · 6.2 AI score · 0.04022 EPSS
Exploits 0 · References 6

CNNVD
added 2022/02/08 12:0 a.m. · 1 view

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer error vulnerability that exists due to a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page, trick a victim...

8.8 CVSS · 9.1 AI score · 0.00369 EPSS
Exploits 0 · References 8

Redos
added 2021/12/24 12:0 a.m. · 1 view

ROS-2-2177

2.2177 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

8.8 CVSS · 10 AI score · 0.008 EPSS
Exploits 1

CNNVD
added 2021/12/07 12:0 a.m. · 1 view

ArcGIS Server Code Injection Vulnerability

Esri ArcGIS Server is a web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. in the United States. A security vulnerability exists in ArcGIS Server that allows an attacker to inject HTML content into a page...

4.7 CVSS · 5.2 AI score · 0.00333 EPSS
Exploits 0 · References 2