CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

EUVD-2026-34969

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

FluentCMS 代码注入漏洞

FluentCMS is an open-source content management system developed by FluentCMS. Version 0.0.5 of FluentCMS has a code injection vulnerability, which stems from unknown functions in the Blocks Plugin component file located at admin/blocks. This vulnerability may lead to cross-site scripting attacks...

CVE-2026-22230

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

EUVD-2022-3808

Malicious code in bioql PyPI...

DRUPAL-CONTRIB-2023-019

This module provides social media share & follow buttons. The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting XSS vulnerability...

DRUPAL-CONTRIB-2023-006

This module enables you to add social sharing buttons to a site. The module doesn't sufficiently sanitize the weight and ratio values entered in the module or block configuration. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...

Croogo vulnerable to XSS in title field

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

GHSA-Q4H5-G3W8-F9X7 Subrion CMS vulnerable to CSRF in admin/blocks/add

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...

Access Restriction Bypass

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Access Restriction Bypass due to front-end restrictions. Random users can self-register even when the admin does not allow it. Remediation Upgrade...

Subrion CMS Code Issue Vulnerability

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A security vulnerability exists in the admin/blocks.php file in Subrion CMS 4.2.1 and earlier versions. An attacker ca...

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04653)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site request forgery vulnerability exists in admin/blocks/add/URI in Subrion CMS version 4.0.5. An...

Cross site request forgery (csrf)

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...

Manx cms.xml 1.0.1 Multiple HTTP Response Splitting Vulnerabilities

Summary Manx is a Content Management System that uses xml text files to store the page contents, instead of a mysql database. Description Input passed to the POST parameter 'editorChoice' in 'adminblocks.php' and 'adminpages.php' and the POST parameter 'theme' in 'admincss.php', 'adminjs.php' and...