66 matches found
SQL Injection in Fork CMS
Fork CMS is vulnerable to SQL injection through marking blog comments on bulk as spam in versions prior to 5.11.1...
GHSA-RR8M-29G8-8CGC SQL Injection in Fork CMS
Fork CMS is vulnerable to SQL injection through marking blog comments on bulk as spam in versions prior to 5.11.1...
CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
SQL injection
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064 SQL injection through marking blog comments on bulk as spam in forkcms/forkcms
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064 SQL injection through marking blog comments on bulk as spam in forkcms/forkcms
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
forkcms SQL injection vulnerability
forkcms is a CMS application. Versions of forkcms before 5.11.1 contain a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL statements in the ids parameter of blog comments. An attacker could use this vulnerability to execute illegal SQL commands t...
SQL injection through marking blog comments on bulk as spam
Description: the comment ids aren't checked and are vulnerable to SQL injection. Proof of Concept...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in saveCommentEdit function of AdminCommentController.php because this allows HTML tags in the blog comments which allows a malicious attacker to inject and execute html payloads...
Microweber code injection vulnerability
Microweber is an online store management system with drag-and-drop functionality, from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber before 1.3, which stems from t...
Improper Neutralization of Special Elements Used in a Template Engine
Description: The Microweber application allows HTML tags in the "Blog Comments", which can be exploited by injecting HTML payloads. Proof of Concept: 1. Open any blog in which comments are allowed. 2. Insert your HTML code in the code block, e.g., Hurry Up!Go to https://evil.com and get free $1000 in your...
CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field...
CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field...
Cross site scripting
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field...
CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field...
CVE-2021-40106
Concrete CMS before 8.5.6 is affected by an unauthenticated stored XSS in blog comments via the website field. The root cause is insufficient sanitization/handling of user input in the website field for blog comments. Impact is described as stored XSS with potential client-side code execution; ex...
CVE-2020-15276
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...
CVE-2020-15276
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...
Cross site scripting
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...