39 matches found
CI4MS 安全漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the improper storage and rendering of blacklist remark parameters into HTML attributes, potentially allowing...
CI4MS 授权问题漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained a vulnerability related to authorization issues, which allowed attackers to access sensitive system information...
CI4MS 安全漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the srcdoc attribute in Google Maps iframes not being filtered properly, which could allow attackers with administrator...
CVE-2018-25200 OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...
CVE-2023-29636
Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...
EUVD-2023-33177
Malicious code in bioql PyPI...
EUVD-2021-32733
Malicious code in bioql PyPI...
EUVD-2021-32732
Malicious code in bioql PyPI...
CVE-2012-10042
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...
CVE-2012-10042 Sflog! CMS 1.0 Arbitrary File Upload RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...
CVE-2023-29636
Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...
PT-2023-22345
Name of the Vulnerable Software and Affected Versions ZHENFENG13 My-Blog affected versions not specified Description A cross site scripting XSS issue allows attackers to inject arbitrary web script or HTML via the title field in the "blog management" page due to the default configuration not usin...
CVE-2023-29636
Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...
CVE-2023-29636
CVE-2023-29636 is a cross-site scripting (XSS) vulnerability in ZHENFENG13 My-Blog. The root cause is that the title field on the blog management page is not sanitized with MyBlogUtils.cleanString, enabling arbitrary script/HTML injection. Reported details are corroborated by multiple sources (NV...
mysiteforme cross-site scripting vulnerability
Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...
mysiteforme Cross-Site Request Forgery Vulnerability
Mysiteforme is a permission management system. A cross-site request forgery vulnerability exists in mysiteforme, which stems from a lack of validation for cross-site request forgery in the backend blog administration. An attacker could use a forged malicious request to trick a victim into clickin...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
Cross site scripting
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46027
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added...