PT-2025-3188 · Unknown · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...

PT-2026-20838

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.2.15 Description The application does not properly validate JavaScript within HTML code tags, which allows for the injection of malicious scripts that execute in a victim’s browser. This can lead to Cross-Site Scriptin...

The vulnerability of the strip_tags() function in the django.utils.html module of the Django software framework allows a attacker to cause a denial-of-service attack.

The vulnerability of the striptags function in the django.utils.html module of the Django software framework relates to unlimited resource allocation due to improper escaping of HTML characters. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending special...

BIT-RAILS-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

Online Birth Certificate System HTML Injection Vulnerability

Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...

CVE-2024-36831

A NULL pointer dereference in the pluginscallhandleuriclean function of D-Link DAP-1520 REVAFIRMWARE1.10B04BETA02HOTFIX allows attackers to cause a Denial of Service DoS via a crafted HTTP request without authentication...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

undertow: information leakage via HTTP/2 request header reuse

REJECTED CVE A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this...

PHPGurukul Beauty Parlour Management System 安全漏洞

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. A cross-site scripting vulnerability exists in Beauty Parlour Management System. The vulnerability stems from the injection of arbitrary HTML into the Firstname an...

DEBIAN-CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

PT-2024-9309 · Dell · Dell Openmanage Server Administrator

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior Description: The issue is related to an improper access control vulnerability in the Dell OpenManage Server Administrator. This vulnerability can be exploited by a remote...

Directus 安全漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus 10.10.0 and earlier versions, which stems from a filter in the commenting feature that runs only on the client side and can be...

Kanboard 安全漏洞

Kanboard is a suite of open source visual task board software from Kanboard Open Source. The software has the ability to customize the panels according to the business. Kanboard version 1.2.40 security vulnerability , the vulnerability stems from HTML can be injected and stored in the application...

WordPress plugin Funnelforms Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

The vulnerability of the Media components in Microsoft Edge and Google Chrome allows attackers to compromise privacy, integrity, and accessibility.

The vulnerability of the Media components in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to compromise privacy, integrity, and accessibility through a specially crafted HTML page...

The vulnerability of the ldap_escape() function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the ldapescape function in the PHP programming language is related to the escape operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

HAProxy vulnerable to HTTP request/response smuggling

Overview HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI...

PT-2024-9611 · Zabbix +3 · Zabbix +3

Name of the Vulnerable Software and Affected Versions: Browser object affected versions not specified Zabbix affected versions not specified Description: The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is a...

The vulnerability of Google Chrome’s Blink rendering module allows a hacker to replace the user interface.

The vulnerability of Google Chrome’s Blink rendering module is related to improper implementation. Exploiting this vulnerability allows a remote attacker to replace the user interface with a specially created HTML page...

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...