Lucene search
+L

172 matches found

cve
cve
added 5 hours ago5 views

CVE-2026-46686

Emlog 2.6.13 and earlier is affected by a reflected XSS in the admin backend. The keyword parameter from admin/user.php is added with addslashes but not HTML-escaped when rendered into the value attribute in admin/views/user.php, enabling an administrator’s session to be compromised via crafted i...

8.5CVSS6AI score0.0003EPSS
Exploits0References1
attackerkb
attackerkb
added 5 hours ago3 views

CVE-2026-46686

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS6AI score0.0003EPSS
Exploits0References2Affected Software1
nvd
nvd
added 6 days ago6 views

CVE-2026-15321

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
cve
cve
added 6 days ago11 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
euvd
euvd
added 6 days ago8 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
attackerkb
attackerkb
added 6 days ago5 views

CVE-2026-15321

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
osv
osv
added 6 days ago3 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.6AI score0.0022EPSS
Exploits0References10
cvelist
cvelist
added 6 days ago35 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
snyk
snyk
added 2026/06/12 7:32 p.m.6 views

Missing Authorization

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted...

8.8CVSS6AI score0.00253EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:47 p.m.13 views

CVE-2026-9608

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS3.5AI score0.00206EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.10 views

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability related to authorization in Student-Management-System, which stems from unknown functions of the Administrative Backend component in the admin/config.php file. This...

7.5CVSS7.3AI score0.00405EPSS
Exploits0References6
cve
cve
added 2026/05/27 12:15 a.m.26 views

CVE-2026-9608

CVE-2026-9608 affects QianFox FoxCMS (up to version 1.2.6) in the Administrator Backend, specifically the /Tag/edit function where a manipulated request can trigger cross-site scripting. The vulnerability arises from an unspecified element/function within that file, allowing remote exploitation. ...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.17 views

PT-2026-43470

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References6
githubexploit
githubexploit
added 2026/05/25 1:17 a.m.120 views

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

6.4AI score0.00247EPSS
Exploits1
redhatcve
redhatcve
added 2026/05/09 2:21 a.m.14 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.19 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

3.8CVSS5.8AI score0.00162EPSS
Exploits0References4
euvd
euvd
added 2026/05/07 3:38 p.m.21 views

EUVD-2026-28377

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References3
nvd
nvd
added 2026/05/07 3:16 p.m.18 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

9.8CVSS0.00373EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/07 12:0 a.m.39 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

0.00373EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/07 12:0 a.m.8 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References3
Rows per page
Query Builder