Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-0661
The Ad Injection WordPress plugin up to and including 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cro...
Ad Injection Project Ad Injection
9.8
CVSSv3
CVE-2017-5677
PEAR HTML_AJAX 0.3.0 up to and including 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
Pear Html Ajax 0.5.6
Pear Html Ajax 0.5.4
Pear Html Ajax 0.3.4
Pear Html Ajax 0.3.2
Pear Html Ajax 0.5.3
Pear Html Ajax 0.5.2
Pear Html Ajax 0.5.1
Pear Html Ajax 0.5.0
Pear Html Ajax 0.4.1
Pear Html Ajax 0.3.1
Pear Html Ajax 0.3.0
Pear Html Ajax 0.5.7
Pear Html Ajax 0.5.5
Pear Html Ajax 0.4.0
Pear Html Ajax 0.3.3
NA
CVE-2010-4609
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote malicious users to execute arbitrary SQL commands via the nuser parameter in a registrate action.
Html-edit Html-edit Cms 3.1.8
1 EDB exploit
9.8
CVSSv3
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_Q...
Html Quickform Project Html Quickform 3.2.14
Civicrm Civicrm 5.3.0
Civicrm Civicrm
7.2
CVSSv3
CVE-2022-3689
The HTML Forms WordPress plugin prior to 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Ibericode Html Forms
6.1
CVSSv3
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successfull...
Codemiq Wp Html Mail
6.1
CVSSv3
CVE-2019-25148
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successful...
Codemiq Wp Html Mail
NA
CVE-2006-0735
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and previous versions, as used in products such as My Blog prior to 1.65, allows remote malicious users to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
Fuzzymonkey My Blog 1.31
Fuzzymonkey My Blog 1.4
Fuzzymonkey My Blog 1.63
Fuzzymonkey My Blog 1.64
Fuzzymonkey My Blog 1.23
Fuzzymonkey My Blog 1.3
Fuzzymonkey My Blog 1.61
Fuzzymonkey My Blog 1.62
Fuzzymonkey My Blog 1.21
Fuzzymonkey My Blog 1.22
Fuzzymonkey My Blog 1.52
Fuzzymonkey My Blog 1.6
Fuzzymonkey My Blog 1.0
Fuzzymonkey My Blog 1.2
Fuzzymonkey My Blog 1.5
Fuzzymonkey My Blog 1.51
M Blom Html-bbcode 1.03
M Blom Html-bbcode 1.04
1 EDB exploit
5.4
CVSSv3
CVE-2019-10226
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a ...
Fatfreecrm Fat Free Crm 0.19.0
1 EDB exploit
6.1
CVSSv3
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Manageengine Admanager Plus 6.5.7
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »