The TP-LINK TL-WR740N router with version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. An attacker can inject malicious HTML code into the Target Description box under Access control settings, leading to potential cross-site scripting (XSS) attacks.
The GoAhead Web Server version 2.5 is vulnerable to multiple HTML injection flaws as it lacks proper input validation. Exploiting this vulnerability allows an attacker to execute malicious HTML code within the context of the affected site.
The TP-LINK TL-WR740N router version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. By inserting HTML code like <h1>Hello<h1> into the Target Description box under Access control settings, an attacker can inject arbitrary HTML code into the webpage.
Multiple HTML injection vulnerabilities are found in GoAhead Web Server version 2.5 due to insufficient input validation. Exploiting this vulnerability allows an attacker to inject and execute HTML code within the context of the affected site.
This HTML form allows an attacker to inject malicious code into the website's admin page. The attacker can modify the website name, website type, IP address, and mail access settings.
The vulnerabilities allow attackers to perform cross-site scripting attacks, inject HTML code, and hijack user accounts using specially crafted cookies. An attacker can exploit these vulnerabilities by sending malicious requests to the affected PHPX server.
OpenBB is vulnerable to HTML injection attacks when HTML code is replaced with BBCodes. This allows an attacker to inject arbitrary HTML code into forum messages, leading to cross-site scripting (XSS) attacks and potential theft of cookie-based authentication credentials.
The Elite Forum application fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject HTML and script code into the affected website, potentially leading to the theft of authentication credentials and control over the site's rendering.
The Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
The Contrexx CMS is affected by multiple input validation vulnerabilities that allow for HTML injection, SQL injection, and information disclosure attacks. An attacker can exploit these vulnerabilities by supplying a specially crafted value for the 'votingoption' parameter and submitting the form. Additionally, the vulnerabilities can be exploited through the 'section' and 'term' parameters in specific URLs. These vulnerabilities can be used to carry out attacks such as executing arbitrary JavaScript code (XSS) and retrieving sensitive information from the database.