Lucene search

7703 matches found

OSV
added 2025/07/25 5:15 p.m. · 3 views

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...

CVSS 6.1 · AI score 5.8 · EPSS 0.00229
Exploits: 1 · References: 2
NVD
added 2025/07/25 5:15 p.m. · 7 views

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

CVSS 6.1 · EPSS 0.00229
Exploits: 1 · References: 2
CVE
added 2025/07/25 12:0 a.m. · 30 views

CVE-2025-45892

OpenCart 4.1.0.4 is affected by a Stored XSS via the blog editor. The root cause is input in the blog editor not being properly sanitized/escaped before rendering, enabling injection of arbitrary JavaScript in user sessions. A PoC exists (PacketStorm reference), and some sources note there is no ...

CVSS 6.1 · AI score 5.8 · EPSS 0.00229
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2025/07/25 12:0 a.m. · 5 views

OpenCart security vulnerability

OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from improper blog editor input cleanup and could lead to...

CVSS 6.1 · AI score 6 · EPSS 0.00229
Exploits: 1 · References: 3
Cvelist
added 2025/07/25 12:0 a.m. · 12 views

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

EPSS 0.00229
Exploits: 1 · References: 2
Vulnrichment
added 2025/07/25 12:0 a.m. · 4 views

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

AI score 5.8 · EPSS 0.00229
Exploits: 1 · References: 2
Positive Technologies
added 2025/07/25 12:0 a.m. · 5 views

PT-2025-30910 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart version 4.1.0.4
Description: OpenCart version 4.1.0.4 is susceptible to a Stored Cross-Site Scripting (XSS) attack through the blog editor. The issue occurs because input within the blog editor is not adequately sanitized or escaped...

CVSS 6.1 · AI score 5.4 · EPSS 0.00229
Exploits: 1 · References: 8
Github Security Blog
added 2025/07/23 6:30 p.m. · 8 views

Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8 · AI score 5.4 · EPSS 0.00552
Exploits: 3 · References: 5 · Affected Software: 1
OSV
added 2025/07/23 6:30 p.m. · 4 views

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8 · AI score 5.4 · EPSS 0.00552
Exploits: 3 · References: 4
Snyk
added 2025/07/23 4:43 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the title field of the component admin/blog/blogpost/add. An attacker can execute arbitrary web scripts or HTML by a maliciously formatted blog post. Details: Cross-site scripting or XSS is a code vulnerability...

CVSS 4.8 · AI score 5.4 · EPSS 0.00552
Exploits: 3 · References: 2
NVD
added 2025/07/23 4:15 p.m. · 6 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8 · EPSS 0.00552
Exploits: 3 · References: 2
PyPA
added 2025/07/23 4:15 p.m. · 6 views

PYSEC-2025-137

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8 · AI score 5.9 · EPSS 0.00552
Exploits: 3 · References: 3 · Affected Software: 1
OSV
added 2025/07/23 4:15 p.m. · 6 views

PYSEC-2025-137

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8 · AI score 5.8 · EPSS 0.00552
Exploits: 3 · References: 3
Positive Technologies
added 2025/07/23 12:0 a.m. · 4 views

PT-2025-30602 · Unknown · Mezzanine Cms

Name of the Vulnerable Software and Affected Versions: Mezzanine CMS version 6.1.0
Description: A cross-site scripting (XSS) vulnerability exists in the /blog/blogpost/add component of Mezzanine CMS. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into ...

CVSS 4.8 · AI score 5.3 · EPSS 0.00552
Exploits: 3 · References: 9
Cvelist
added 2025/07/23 12:0 a.m. · 9 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

EPSS 0.00552
Exploits: 3 · References: 2
Vulnrichment
added 2025/07/23 12:0 a.m. · 3 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

AI score 5.5 · EPSS 0.00552
Exploits: 3 · References: 2
CVE
added 2025/07/23 12:0 a.m. · 20 views

CVE-2025-50481

Mezzanine CMS v6.1.0 contains a stored XSS vulnerability in the /blog/blogpost/add component. The root cause is insufficient input validation that allows injecting crafted payloads into blog posts to execute arbitrary scripts. Exploit activity is evidenced in exploit databases (e.g., Exploit-DB, ...

CVSS 4.8 · AI score 5.5 · EPSS 0.00552
Exploits: 3 · References: 2 · Affected Software: 1
Akamai Blog
added 2025/07/16 10:20 a.m. · 4 views

One Year of Warm Migrations

...

AI score 7
Exploits: 0
Circl
added 2025/07/15 5:42 p.m. · 8 views

CVE-2025-7503

creationtimestamp | type | source
---|---|---
2025-07-15 17:42:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3ltzh7v7v2f24
2025-07-21 00:52:15+00:00 | seen | https://bsky.app/profile/nelnia.bsky.social/post/3lugrljszkk2x...

CVSS 10 · AI score 5.3 · EPSS 0.00558
Exploits: 1 · References: 2
vulnersOsv
added 2025/07/15 3:36 p.m. · 5 views

@altipla/directus-sdk-utils (=0.7.2), @bicou/directus-extension-imagga (>=1.6.3 <=1.6.6) +9 more potentially affected by CVE-2025-53889 via directus (>=10.10.0 <=11.8.0)

directus NPM version =10.10.0, =1.6.3, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-53889 Source advisory: OSV:GHSA-7CVF-PXGP-42FC...

CVSS 6.5 · AI score 5.8 · EPSS 0.00346
Exploits: 0