Lucene search
K

146 matches found

OSV
OSV
added 2026/03/04 2:16 p.m.5 views

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 2:16 p.m.7 views

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...

2CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 2:16 p.m.15 views

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...

4.8CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 1:51 p.m.4 views

CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

4.4CVSS6AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 1:51 p.m.18 views

CVE-2025-40894

CVE-2025-40894 describes a Stored HTML Injection in the Alerted Nodes Dashboard due to improper input validation. A logged-in user with required privileges can edit a node label to inject HTML, which may render in a victim’s browser if alerts exist for that node, enabling phishing and potentially...

5.4CVSS6AI score0.00162EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.12 views

PT-2026-22914

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

4.4CVSS6AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/02 7:51 p.m.4 views

Cross-site Scripting (XSS)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CommentsService component that lacks sanitization for stored HTML. An attacker can execute arbitrary scripts in the context of users viewing affected rich text fields by injecting...

5.4CVSS5.9AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/02 6:34 p.m.3 views

Cross-site Scripting (XSS)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Comment.insert function that that lacks sanitization for stored HTML. An attacker can execute arbitrary JavaScript code in the context of the user's browser by submitting crafted input...

5.4CVSS5.9AI score0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/19 10:50 p.m.4 views

CVE-2026-26953

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4CVSS6.2AI score0.00294EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 10:50 p.m.4 views

CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4CVSS6.2AI score0.00294EPSS
Exploits1References3
NVD
NVD
added 2026/02/11 7:15 p.m.8 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

5.4CVSS0.0023EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.25 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

0.0023EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 12:0 a.m.17 views

CVE-2025-70296

CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.6 views

FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9940e7-071c-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service...

9.1CVSS6.1AI score0.004EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2026/02/06 10:10 p.m.3 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00241EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.7 views

CVE-2024-34697

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7.2AI score0.00575EPSS
Exploits1References1
NVD
NVD
added 2025/12/27 1:15 a.m.7 views

CVE-2025-68927

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6CVSS0.00193EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/27 12:4 a.m.20 views

CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...

8.6CVSS0.00193EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.3 views

Libredesk 跨站脚本漏洞

Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...

8.6CVSS5.9AI score0.00193EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/19 2:9 p.m.4 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS6.5AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder