Lucene search
K

311 matches found

CVE
CVE
added 2025/11/12 12:0 a.m.12 views

CVE-2025-63419

Summary: CVE-2025-63419 affects CrushFTP 11.3.6_48. The web-based server’s file sharing feature reflects the filename into an emailBody field without sanitization, enabling HTML injection through an XSS vulnerability. Affected: CrushFTP Web-Based Server (CrushFTP 11.3.6_48). Impact/Notes: XSS via...

6.1CVSS5.5AI score0.00229EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/11/11 1:15 p.m.7 views

CVE-2025-41103

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 12:21 p.m.11 views

CVE-2025-41106

An HTML injection flaw is present in Fairsketch’s RISE CRM Framework v3.8.1 (CVE-2025-41106). The root cause is insufficient validation of user input, enabling HTML code injection via a POST to /clients/save_contact/ with the first_name parameter. Affected product: Fairsketch RISE CRM Framework; ...

5.4CVSS6.9AI score0.00167EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/11 12:16 p.m.15 views

CVE-2025-41103

CVE-2025-41103: HTML injection in Fairsketch’s RISE CRM Framework v3.8.1 due to insufficient validation of user input in the POST parameter reply_message of /messages/reply. This is a client-facing input validation flaw that enables injection of HTML content into responses. The CVE is corroborate...

5.4CVSS6.9AI score0.00158EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/11 12:15 p.m.3 views

CVE-2025-41102

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'...

5.4CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46333

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'...

5.1CVSS7.3AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/07 3:11 a.m.7 views

EUVD-2025-37860

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.4AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 9:15 p.m.5 views

CVE-2025-33110

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 8:43 p.m.4 views

CVE-2025-33110 IBM OpenPages Vulnerable to HTML Injection

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.2AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.7 views

PT-2025-45374

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.6AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/16 4:56 p.m.15 views

CVE-2025-62380

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS7.5AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 8:41 p.m.18 views

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS7.2AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 5:16 p.m.6 views

CVE-2025-62380

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS0.00418EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/14 7:49 p.m.8 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...

6.3CVSS7.4AI score0.00395EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.1 views

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS6.8AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2025/10/14 12:0 a.m.41 views

CVE-2025-60374

This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...

6.1CVSS5.5AI score0.00314EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.7 views

PT-2025-41969

Name of the Vulnerable Software and Affected Versions mailgen versions through 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...

6.3CVSS6.6AI score0.00395EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/12 6:30 a.m.5 views

EUVD-2025-33884

HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...

4.6CVSS6.4AI score0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 12:0 a.m.12 views

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

0.01007EPSS
Exploits1References1
OSV
OSV
added 2025/10/08 6:3 p.m.5 views

CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

5.1CVSS6.7AI score0.00198EPSS
Exploits0References4
Rows per page
Query Builder