140 matches found
CVE-2026-3241
creationtimestamp | type | source
---|---|---
2026-03-04 03:56:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg7fbrgabw2u...
CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.
In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice...
EUVD-2026-3241
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might ...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.121-0.b13.el7 (AXSA:2017-1273:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1273:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-5546 RESERVED This candidate has been reserved by an organization...
Linux Distros Unpatched Vulnerability : CVE-2011-3241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and...
CVE-2024-3241
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-3241
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-3241
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...
CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...
CVE-2025-3241
The CVE-2025-3241 entry concerns youkefu (zhangyanbo2007) up to version 4.2.0, focusing on the XML Document Handler’s CallCenterRouterController.java. The root cause is manipulation of the routercontent argument triggering an XML External Entity (XXE) reference, enabling remote initiation of an a...
RHEL 6 / 7 : openstack-nova (RHSA-2015:1898)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1898 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing...
WordPress Ultimate Blocks – Gutenberg Blocks Plugin Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)
Field | Value
---|---
Software | Ultimate Blocks – Gutenberg Blocks Plugin
Type | Plugin
Vulnerable versions | 3.1.7
Fixed in | 3.1.7
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2024-3241
Patch priority | Low
CVSS severity | Low 6.5
PSID | d5558061fd26
Credits | ...
CVE-2024-3241
CVE-2024-3241 details (confirmed in connected docs): The Ultimate Blocks WordPress plugin is affected if used before version 3.1.7. The vulnerability arises because the plugin does not validate and escape certain block options before outputting them in a page or post where the block is embedded, ...
CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
openSUSE 15 Security Update : poppler (SUSE-SU-2023:3241-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3241-1 advisory. - In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColo...
CVE-2023-3241
OTCMS up to version 6.62 contains a path traversal vulnerability in the file /admin/read.php?mudi=announContent via manipulation of the url parameter. Public exploit/abuse has been disclosed. Affected functionality is unknown, but the issue arises from improper handling of the url argument, enabl...
SUSE CVE-2009-3241
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets...