CVE-2020-15276
CVE-2020-15276 affects baserCMS prior to version 4.4.1. The vulnerability is a Cross-Site Scripting issue in the blog comment component, where entering a crafted nickname in blog comments can cause arbitrary JavaScript execution. The issue is resolved in version 4.4.1. Affected software: baserCMS...
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation...
CVE-2020-15156
CVE-2020-15156 affects nodebb-plugin-blog-comments prior to version 0.7.0. The root cause is lack of CSRF validation, enabling an authenticated user to be exploited for cross-site scripting that could cause a third party to post on their behalf on the forum. The issue is documented across multipl...
CVE-2020-12472
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...
Concrete5 Comments on Enumeration Vulnerability
concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranets. A comment enumeration vulnerability exists in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can exploit this vulnerability by posting a reques...
Shopify: Stored XSS in blog comments through Shopify API
Hi there! As far as I understand, Shopify shops have blogs which allow users to comment on blog posts; however, comments with HTML content automatically get sanitised before being posted, to avoid XSS issues. However, using the API for comment modification, any application with comment permission can...
CVE-2013-2082
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
CVE-2013-2082
CVE-2013-2082 affects Moodle: versions up to 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 do not enforce capability requirements for reading blog comments, allowing remote attackers to obtain sensitive information via a crafted request. Root cause: missing capability ch...
Disqus Blog Comments - Blind SQL Injection
Blog Comments Powered By Disqus - Sql Injection...
Disqus Blog Comments Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. Blog Comments Powered By Disqus - Sql Injection...
Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit
Exploit for php platform in category web applications. #!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit. greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this->getInputString("page", "index"); //Get plugin request if...
Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can...