Vulmon
html injection vulnerabilities and exploits
7.2
CVSSv3
CVE-2022-0661
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site...
Ad Injection Project Ad Injection
9.8
CVSSv3
CVE-2017-5677
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression....
Pear Html Ajax 0.5.6
Pear Html Ajax 0.5.4
Pear Html Ajax 0.3.4
Pear Html Ajax 0.3.2
Pear Html Ajax 0.5.3
Pear Html Ajax 0.5.2
Pear Html Ajax 0.5.1
Pear Html Ajax 0.5.0
Pear Html Ajax 0.4.1
Pear Html Ajax 0.3.1
Pear Html Ajax 0.3.0
Pear Html Ajax 0.5.7
Pear Html Ajax 0.5.5
Pear Html Ajax 0.4.0
Pear Html Ajax 0.3.3
NA
CVE-2010-4609
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action....
Html-edit Html-edit Cms 3.1.8
1 EDB exploit available
7.2
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
Ibericode Html Forms
1 Github repository available
9.8
CVSSv3
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method,...
Html Quickform Project Html Quickform 3.2.14
Civicrm Civicrm 5.3.0
Civicrm Civicrm
6.1
CVSSv3
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This...
Mozilla Firefox
5.4
CVSSv3
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
Gitlab Gitlab
9.8
CVSSv3
CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability...
Redhat Enterprise Linux Aus 7.3
Redhat Enterprise Linux Aus 7.4
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Eus 7.3
Redhat Enterprise Linux Eus 7.5
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 6.0
Mozilla Firefox
Mozilla Firefox Esr
6.1
CVE-2022-3193
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages....
Ovirt Ovirt-engine 4.3.0
1 Github repository available
6.1
CVSSv3
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection....
Doxygen Doxygen