48 matches found
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
Jfinal CMS cross-site scripting vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. A security vulnerability exists in Jfinal CMS version v5.1.0, which stems from...
Cross-site Scripting (XSS)
com.jfinal:jfinal is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute arbitrary JavaScript via a crafted payload injected into the keyword text field under the publish blog module...
GHSA-9PVQ-4CC7-24JG Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Jfinal CMS cross-site scripting vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS v5.1.0 has a cross-site scripting vulnerability, the...
Kentico SQL Injection Vulnerability (CNVD-2021-22156)
Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
SQL injection
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
Document Title: BlackBoard LMS 9.1 SP14 - Title Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1901; Release Date: 2017-01-10; Vulnerability Laboratory ID (VL-ID): ...
SQL injection
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h)...
CVE-2011-5140
Affected software: DiY-CMS blog module 1.0. Vulnerability type: SQL injection at multiple endpoints via the start parameter (tags.php, list.php, index.php, main_index.php, viewpost.php, archive.php) and via month/year parameters to archive.php; also affects control/approve_comments.php, control/a...
CVE-2011-5140
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h)...
CVE-2012-3836
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtualfilename, (3) branch, (4) contactperson, (5) street, (6) city, (7) province, (8) postal, (9)...
CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...