EUVD-2022-55971

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2022-50946

The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...

CVE-2022-50946

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

SQL Injection

baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...

CVE-2026-34567

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories...

CVE-2026-34568

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVE-2026-34567

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog post content handling process. An attacker can execute arbitrary JavaScript in the browsers of users who view the affected blog posts...

CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Blog Post Content Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker...

EUVD-2026-18081

CI4MS: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVE-2026-34568

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVE-2026-34568

CVE-2026-34568 affects CI4MS, a CodeIgniter 4–based CMS skeleton. The root cause is improper sanitization of user-controlled input when creating or editing blog posts, allowing a stored JavaScript payload in blog content. The payload is stored server-side and later rendered in multiple views with...

CVE-2026-34567

CI4MS (CodeIgniter 4-based CMS skeleton) prior to 0.31.0.0 is vulnerable to stored XSS in the Categories section of blog posts due to insufficient input sanitization. An attacker can inject JavaScript into Categories content, which is stored server-side and rendered unsafely when viewing blog pos...

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

PT-2026-29632

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description The application does not properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stor...

EUVD-2026-17263

baserCMS has a cross-site scripting vulnerability in blog posts...

baserCMS has a cross-site scripting vulnerability in blog posts

baserCMS has a cross-site scripting vulnerability in blog posts. Target baserCMS 5.2.1 and earlier versions Vulnerability Malicious Javascript may be executed in blog posts. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...