5 matches found
CVE-2026-48821
Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
Fork CMS 5.4.0 Cross Site Scripting / HTML Injection
Exploit Title: Fork CMS 5.4.0 - HTML Injection and Stored XSS Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulernability Type : Code Injection Vulenrabili...