Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authent
A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
CVE-2025-31286
CRITICAL CVSS 9.0
Find Similar
An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the ba
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Re
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with adminis
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: M
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: M
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Att
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-sid
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parame
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Page 1+ Next →