
35 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-37373

Malicious code in bioql PyPI...

6.1 CVSS | 6.6 AI score | 0.0036 EPSS
Exploits 0 | References 1

Cvelist
added 2025/06/27 2:48 p.m. | 4 views

CVE-2023-38007 IBM Cloud Pak System HTML injection

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...

5.4 CVSS | 0.00093 EPSS
Exploits 0 | References 1

CNVD
added 2025/02/18 12:0 a.m. | 5 views

IBM Aspera Shares HTML Injection Vulnerability

IBM Aspera Shares is a Web application from International Business Machines IBM. IBM Aspera Shares suffers from an HTML injection vulnerability. The vulnerability stems from the application's lack of valid filtering and escaping of user-supplied data, which can be exploited by an attacker to inje...

6.1 CVSS | 6.5 AI score | 0.0005 EPSS
Exploits 0 | References 1

CVE
added 2024/12/18 4:7 p.m. | 45 views

CVE-2024-41752

CVE-2024-41752 affects IBM Cognos Analytics. The vulnerability is an HTML injection in IBM Cognos Analytics versions 11.2.0–11.2.4 and 12.0.0–12.0.3, which could allow a remote attacker to inject HTML that renders in a victim’s browser under the hosting site’s security context. The connected IBM ...

6.1 CVSS | 5.6 AI score | 0.00082 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2024/05/13 12:0 a.m. | 6 views

IBM App Connect Enterprise HTML Injection Vulnerability

IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise suffers...

5.4 CVSS | 6.9 AI score | 0.00172 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2023/12/12 8:15 a.m. | 0 views

CVE-2023-48642

Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...

5.4 CVSS | 5.9 AI score | 0.00209 EPSS
Exploits 0 | References 2

NVD
added 2022/07/08 5:15 p.m. | 14 views

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...

5.8 CVSS | 0.00299 EPSS
Exploits 0 | References 3

Cvelist
added 2021/05/31 3:10 p.m. | 18 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

7.1 CVSS | 8.3 AI score | 0.00377 EPSS
Exploits 0 | References 3

NVD
added 2018/07/20 10:29 p.m. | 7 views

CVE-2018-3770

A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert a malicious html code that can result in reading the local files...

5.5 CVSS | 5.4 AI score | 0.00083 EPSS
Exploits 1 | References 1

Hacker One
added 2018/06/01 9:15 a.m. | 125 views

Node.js third-party modules: [markdown-pdf] Local file reading

I would like to report local file reading in markdown-pdf. It allows to insert a malicious html code, which allows to read the local files. Module module name: markdown-pdf version: 8.1.1 npm page: https://www.npmjs.com/package/markdown-pdf Module Description Node module that converts Markdown fil...

2.1 CVSS | 5.2 AI score | 0.00083 EPSS
Exploits 1

Prion
added 2017/06/12 7:29 p.m. | 13 views

Input validation

IBM DOORS Next Generation DNG/RRC 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756...

3.5 CVSS | 5.6 AI score | 0.00182 EPSS
Exploits 0 | References 3 | Affected Software 2

NVD
added 2017/05/10 2:29 p.m. | 12 views

CVE-2016-6037

IBM Rational Team Concert RTC is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

4.8 CVSS | 5.1 AI score | 0.00152 EPSS
Exploits 0 | References 1

Cvelist
added 2017/05/10 2:0 p.m. | 14 views

CVE-2016-6037

IBM Rational Team Concert RTC is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

5.1 AI score | 0.00152 EPSS
Exploits 0 | References 1

Cvelist
added 2017/03/20 4:0 p.m. | 17 views

CVE-2016-9696

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference : 1999960...

5.6 AI score | 0.00154 EPSS
Exploits 0 | References 2

NVD
added 2017/02/01 8:59 p.m. | 12 views

CVE-2016-5897

IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS | 5.6 AI score | 0.00154 EPSS
Exploits 0 | References 2

Prion
added 2017/02/01 8:59 p.m. | 16 views

Design/Logic Flaw

IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

3.5 CVSS | 7.2 AI score | 0.00154 EPSS
Exploits 0 | References 2 | Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

XOOPS 1.0 RC3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a us...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

FTLS GuestBook 1.1 Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6686/info Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. The attacker's script code may be...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

CutePHP CuteNews 1.3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Basit 1.0 Submit Module Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...

7.1 AI score
Exploits 0