Lucene search
K

9 matches found

CVE
CVE
added 2026/04/01 9:20 p.m.9 views

CVE-2026-34559

CI4MS (CodeIgniter 4-based CMS skeleton) is affected prior to version 0.31.0.0. A stored cross-site scripting (XSS) flaw arises from improper sanitization when creating or editing blog tags, allowing an attacker to inject a malicious JavaScript payload in the tag name that is stored server-side a...

9.1CVSS5.7AI score0.00324EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 9:20 p.m.20 views

CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

9.1CVSS0.00324EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when creating or editing blog tags. Attackers could inject...

9.1CVSS5.7AI score0.00324EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/25 11:20 p.m.11 views

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS0.00174EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/25 11:20 p.m.6 views

EUVD-2025-199018

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS5.9AI score0.00174EPSS
Exploits1References4
CVE
CVE
added 2025/11/25 11:20 p.m.17 views

CVE-2025-65956

Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...

6.5CVSS6AI score0.00174EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48034

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS6.4AI score0.00174EPSS
Exploits1References5
OSV
OSV
added 2025/11/24 10:13 p.m.3 views

GHSA-7J46-F57W-76PJ Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

6.5CVSS5.6AI score0.00174EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/11/24 10:13 p.m.8 views

Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

6.5CVSS5.6AI score0.00174EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder