Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-5761
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote malicious users to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the na...
Flatnux Flatnux 2008-12-11
1 EDB exploit
NA
CVE-2004-0319
Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote malicious users to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.
Ezboard Ezboard 7.3u
1 EDB exploit
NA
CVE-2008-0872
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote malicious users to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
Smartertools Smartermail Enterprise 4.3
1 EDB exploit
NA
CVE-2005-2276
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote malicious users to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag.
Novell Groupwise Webaccess 6.5
Novell Groupwise Webaccess 6.0
1 EDB exploit
NA
CVE-2006-0409
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote malicious users to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
Pixelpost Photoblog 1.4.3
1 EDB exploit
NA
CVE-2006-0443
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
Cheesyblog Cheesyblog 1.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-11844
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Ricoh Sp 4520dn Firmware -
NA
CVE-2002-1493
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote malicious users to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
Lycos Htmlgear Guestgear
1 EDB exploit
5.4
CVSSv3
CVE-2023-48837
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Phpjabbers Car Rental Script 3.0
5.4
CVSSv3
CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
Phpjabbers Appointment Scheduler 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »