5 matches found
CVE-2019-20374
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML...
EUVD-2019-10926
Malware in sbrugna...
CVE-2024-39123
In janeczku Calibre-Web 0.6.0 to 0.6.21, the editbookcomments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the cleanstring function. The vulnerability arises from the way the cleanstring function handles HTML sanitization...
CVE-2024-28855 ZITADEL vulnerable to improper HTML sanitization
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to an improper use of the text/template instead of the html/template package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and...
HTML Injection
Sulu is vulnerable to HTML Injection. The vulnerability is due to improper HTML sanitization within the Tag name. The HTML is executed when the tag name is listed in the autocomplete form...