incose.se Cross Site Scripting vulnerability OBB-2719055

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2019-9055

creationtimestamp| type| source ---|---|--- 2019-11-13 14:45:46+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cmsmsobjectinjectionrce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:19+00:00| seen...

CMS Made Simple 2.2.8 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CMS Made Simple Authenticated RCE via object injection', 'Description' = %q An issue was discovered in CMS Made Simple 2.2.8. In the module...

CVE-2019-9055

CMS Made Simple 2.2.8 contains a vulnerability in the DesignManager module (action.admin_bulk_css.php and action.admin_bulk_template.php) where an unserialize call on m1_allparms can be triggered by an unprivileged user with Designer permission to achieve object injection, enabling authenticated ...