📄 SPIP Blind Server-Side Request Forgery

SPIP versions prior to 4.4.9 suffers from a blind server-side request forgery vulnerability within the private administration interface. ============================================================================================================================================= | Title : SPIP 4.4...

Cadmium CMS 安全漏洞

Cadmium CMS is a content management system from Cadmium open source. A security vulnerability exists in Cadmium CMS version 0.4.9, which originates from an arbitrary file upload in /admin/content/filemanager/uploads...

EUVD-2007-3711

Malware in sbrugna...

EUVD-2006-4490

Malware in sbrugna...

EUVD-2006-1756

Malware in sbrugna...

EUVD-2025-14032

Malicious code in bioql PyPI...

CVE-2023-38330

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...

CVE-2025-29602

flatpress 1.3.1 is vulnerable to Cross Site Scripting XSS in Administration area via Manage categories...

CVE-2025-29602

flatpress 1.3.1 is vulnerable to Cross Site Scripting XSS in Administration area via Manage categories...

FlatPress 安全漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A security vulnerability exists in FlatPress version 1.3.1, which stems from the presence of cross-site scripting in the administration area, which could lead to cross-site scripting attacks...

CVE-2025-29602

flatpress 1.3.1 is vulnerable to Cross Site Scripting XSS in Administration area via Manage categories...

CVE-2025-29602

Summary: CVE-2025-29602 affects FlatPress 1.3.1 with a stored XSS in the Administration area (Manage categories). The root cause is untrusted input handling in category management, enabling a payload stored by an admin that could affect other users. The vulnerability has a confirmed exploit refer...

CVE-2025-29602

flatpress 1.3.1 is vulnerable to Cross Site Scripting XSS in Administration area via Manage categories...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

XWiki Platform Security Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from not properly escaping a URL parameter in the code used to display the administration section...

CVE-2023-38330

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...

PT-2023-26365 · Oxid · Oxid Eshop Enterprise Edition

Name of the Vulnerable Software and Affected Versions: OXID eShop Enterprise Edition versions 6.5.0 through 6.5.2 Description: The issue allows uploading files with modified headers in the administration area, enabling an attacker to create a HTTP Response Splitting attack by uploading a file wit...

CVE-2023-38330

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...