11 matches found
SUSE CVE-2026-27116
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...
GO-2026-4552 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api...
GHSA-4QGR-4H56-8895 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Summary: Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...
CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
Mars: Reflected HTML Injection via contact (faq) search parameter on ██████████
The report describes a reflected HTML injection vulnerability in the contact faq search parameter on the ██████████. A specific HTML payload entered into this parameter was reflected back in the response without proper sanitization, allowing for the execution of arbitrary HTML and potentially...
Mars: Reflected HTML Injection via contact (faq) search parameter on ███]=
The reflected HTML injection vulnerability was identified in the search parameter of the contact FAQ page on ███████. The vulnerability allowed for the injection and execution of arbitrary HTML and script code in the context of other users' web browsers. The issue was demonstrated through the...
CVE-2023-44355 ColdFusion | Improper Input Validation (CWE-20)
Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this...
EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. Insert '"Clickme! on the keyword search field or directly on the link...
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...
CVE-2019-10887
CVE-2019-10887 describes a reflected HTML-injection vulnerability in Salicru SLC-20-cube3(5) devices running firmware cs121-SNMP v4.54.82.130611. Affected endpoints allow HTML payloads via /DataLog.csv?log=, /AlarmLog.csv?log=, /waitlog.cgi?name=, /chart.shtml?data=, and /createlog.cgi?name=. Pub...