Lucene search

36 matches found

CNNVD
added 2026/05/07 12:0 a.m. · 5 views

CI4MS Code Issue Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. There were code issues and vulnerabilities in versions of CI4MS from 0.26.0 to 0.31.8.0. These vulnerabilities stemmed from the auth filter disabling the check for banning/banned users...

5.3 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
CNNVD
added 2026/04/08 12:0 a.m. · 3 views

CI4MS Security Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the controller’s ability to write host parameters to the .env file without proper validation, and without stripping line...

9.8 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 1 · References: 1
CNNVD
added 2026/04/01 12:0 a.m. · 5 views

CI4MS Security Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure to immediately terminate active user sessions after accounts were disabled, potentially allowing persistent...

8.8 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits: 1 · References: 2
CNNVD
added 2026/04/01 12:0 a.m. · 4 views

CI4MS Cross-Site Scripting Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper sanitization of user input when creating or editing pages within the page management functionality, which...

9.1 CVSS · 5.6 AI score · 0.0005 EPSS
Exploits: 1 · References: 2
CNNVD
added 2026/02/06 12:0 a.m. · 3 views

Millhouse-Project Cross-Site Scripting Vulnerability

Millhouse-Project is a blog page developed by Thérèse Scott Rossi as an individual project. Version 1.414 of Millhouse-Project has a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting flaw in the comment submission function, which may allow...

6.4 CVSS · 5.9 AI score · 0.00059 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-58191

Malicious code in bioql PyPI...

7.2 CVSS · 5.2 AI score · 0.00062 EPSS
Exploits: 1 · References: 3
PyPA
added 2025/02/26 9:19 p.m. · 4 views

Posts scraped data to IP address associated with other malware distribution attacks.

Published in 2021, the imblog package is a Python library that scrapes data from a blog page to an IP address associated with other malware distribution attacks...

6.8 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/02/26 12:0 a.m. · 2 views

PT-2025-8758 · Pypi · Imblog

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a Python library that scrapes data from a blog page to an IP address associated with other malware distribution attacks. Recommendations: At the moment, there is no...

6.9 AI score
Exploits: 0 · References: 3
OSV
added 2023/11/02 2:15 p.m. · 1 views

CVE-2023-5919

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

7.2 CVSS · 4.8 AI score · 0.00062 EPSS
Exploits: 1 · References: 3
Cvelist
added 2023/11/02 1:31 p.m. · 8 views

CVE-2023-5919 SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

5.8 CVSS · 7.2 AI score · 0.00062 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2023/11/02 1:31 p.m. · 8 views

CVE-2023-5919 SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

5.8 CVSS · 7.1 AI score · 0.00062 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-32418 · Sourcecodester · Sourcecodester Company Website Cms

Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0 Description: A vulnerability was found in the Create Blog Page component, specifically affecting some unknown functionality of the file /dashboard/createblog. This issue leads to unrestricted...

7.2 CVSS · 5 AI score · 0.00062 EPSS
Exploits: 1 · References: 5
wpexploit
added 2023/08/08 12:0 a.m. · 143 views

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to "WPBot Lite - Setting -...

4.8 CVSS · 5.6 AI score · 0.00122 EPSS
Exploits: 2
Prion
added 2023/02/24 9:15 p.m. · 11 views

Unrestricted file upload

File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page...

5.8 CVSS · 7.2 AI score · 0.00561 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/02/24 12:0 a.m. · 7 views

CVE-2021-35290

File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page...

7.2 AI score · 0.00561 EPSS
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2009-0502

Cross-site scripting XSS vulnerability in blocks/html/blockhtml.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when t...

4.3 CVSS · 5.9 AI score · 0.00475 EPSS
Exploits: 0 · References: 4
Cvelist
added 2020/09/03 1:40 a.m. · 13 views

CVE-2020-25093

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel...

6.1 AI score · 0.0024 EPSS
Exploits: 0 · References: 1
OSV
added 2019/09/11 9:15 p.m. · 1 views

CVE-2019-10073

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616...

6.1 CVSS · 5.8 AI score · 0.01269 EPSS
Exploits: 0 · References: 3
Openbugbounty
added 2018/04/23 3:13 a.m. · 9 views

buywords.de XSS vulnerability

Open Bug Bounty ID: OBB-606887

Description | Value
---|---
Affected Website: | buywords.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Packet Storm
added 2018/04/23 12:0 a.m. · 126 views

Monstra CMS 3.0.4 Cross Site Scripting

Exploit Title: Monstra cms 3.0.4 - Persistent Cross-Site Scripting
Date: 2018-04-14
Exploit Author: Wenming Jiang
Vendor Homepage: https://github.com/monstra-cms/monstra
Software Link: https://github.com/monstra-cms/monstra
Version: 3.0.4
Tested on: php 5.6, apache2.2.29, macos 10.12.6
CVE...

5.6 AI score · 0.00286 EPSS
Exploits: 5