16 matches found
CVE-2018-25282
Nmap 7.70 is affected by a local denial-of-service vulnerability caused by exponential XML entity expansion in XML processing (triggered via ZenMap scan import). A crafted XML file with nested entity definitions can cause excessive resource consumption, potentially crashing the application. The C...
EUVD-2026-24605
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...
XML Injection
xmldom is vulnerable to an XML Injection. The vulnerability is due to improper handling of CDATA termination during serialization, which allows an attacker to inject malicious XML markup and manipulate the structure of the output...
CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...
CVE-2023-53901 WBCE CMS 1.6.1 Cross-Site Scripting and Open Redirect Vulnerability
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...
CVE-2025-50733
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
Cross-site Scripting (XSS)
Overview: @mermaid-js/tiny is a tiny version of mermaid. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the node labels, which were introduced in 734bde3. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious HTML...
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...
org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
A flaw was found in Fast Healthcare Interoperability Resources HAPI FHIR. This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities...
Apache Drill Code Issue Vulnerability
Apache Drill is an open source software framework from the American company Apache. Apache Drill 1.19.0 and earlier versions suffer from an XML external entity injection vulnerability that can be exploited by an attacker to read any file on a remote file system or execute commands through ...
Checkmk Cross-Site Scripting Vulnerability
Checkmk is an editor. A security vulnerability exists in versions of Checkmk prior to 1.6.0. An attacker can exploit the vulnerability to inject malicious HTML into emails...
GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.7). Problem: Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows by-passing the cross-site scripting mechanis...
Microweber Code Injection Vulnerability
Microweber is an online store management system with drag-and-drop functionality, developed by the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber before 1.3, which stems from t...
PT-2019-11451 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 7.0.0. Description: The issue allows malicious HTML to change user passwords, disable users, and disable password encryption. It is related to the function that handles user password changes, user disablement, and password...
Views (for Drupal 7) - Less critical - Cross site scripting - SA-CONTRIB-2019-036
This module enables you to create customized lists of data. The module doesn't sufficiently sanitize certain field types, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that a view must display a field with the format "Full data serialized" and an...
Cross site scripting
WeBid versions up to the current version 1.2.2 contain a Cross Site Scripting (XSS) vulnerability in userlogin.php and register.php that can result in JavaScript execution in the user's browser and injection of malicious markup into the page. This attack appears to be exploitable via: the victim user must clic...