15 matches found
EUVD-2026-24073
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2026-3317
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2026-3317
CVE-2026-3317 is a reflected XSS vulnerability in Navigate Content Management System affecting the /blog endpoint. The root cause is unsanitized user input via designed query parameters, leading to unsafe HTML rendering and the potential execution of JavaScript in a victim’s browser. The issue is...
CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2026-3317
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
Navigate Content Management System 跨站脚本漏洞
Navigate Content Management System is a website content management system developed by the Spanish company Navigate. Navigate Content Management System has a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of user inputs at the blog endpoint, which may lead to...
PT-2026-33923
Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2023-3690
A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched...
CVE-2023-3687
A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. The identifier...
PT-2023-25728 · Unknown · Bylancer Quickai Openai
Name of the Vulnerable Software and Affected Versions: Bylancer QuickAI OpenAI version 3.8.1 Description: A critical issue affects the GET Parameter Handler component, specifically the file /blog, where manipulation of the s argument leads to sql injection. This issue can be initiated remotely. T...
PT-2023-25731 · Bylancer · Bylancer Quickvcard
Name of the Vulnerable Software and Affected Versions: Bylancer QuickVCard version 2.1 Description: A critical issue affects the processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. Th...
PT-2023-25736 · Bylancer · Bylancer Quickqr
Name of the Vulnerable Software and Affected Versions: Bylancer QuickQR version 6.3.7 Description: A critical issue was found in the GET Parameter Handler component of the /blog file, where the manipulation of the s argument leads to sql injection. This issue can be exploited remotely. The vendor...
PT-2023-25737 · Unknown · Bylancer Quickorder
Name of the Vulnerable Software and Affected Versions: Bylancer QuickOrder version 6.3.7 Description: A critical issue has been found in the GET Parameter Handler component of the /blog file, where the manipulation of the s argument leads to sql injection. This issue can be exploited remotely. Th...