7705 matches found
Subrion Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Subrion CMS allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069...
GHSA-WRRJ-R2J4-969W Umbraco CMS vulnerable to stored XSS
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...
Umbraco CMS vulnerable to stored XSS
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...
Croogo vulnerable to XSS in Blog field
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
Subrion CMS vulnerable to CSRF in blog/delete
Subrion CMS is vulnerable to cross-site request forgery in blog/delete/. This has been patched in version 4.2.1...
EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
Overview: EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability (CWE-352). Furukawa Natsumi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
EMEAR Monthly Talos Update: Wiper malware
Cisco Talos and Cisco Secure are launching a new video series to fill you in on the latest cybersecurity trends. We’re thrilled to launch our first video in the new Talos Threat Update series, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about wiper... Th...
GHSA-M34M-FGH4-V7CX Moodle External blog editing takeover
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...
Moodle External blog editing takeover
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...
Moodle Cross-site Scripting
Moodle before versions 3.5.2, 3.4.5, and 3.3.8 insufficiently filters the blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...
GHSA-GQRP-QHV8-PHRV Moodle Cross-site Scripting
Moodle before versions 3.5.2, 3.4.5, and 3.3.8 insufficiently filters the blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...
October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
GHSA-96MH-7XPR-QCGW October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
Moodle does not enforce capability requirements for reading blog comments
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
GHSA-WP3G-PR4H-Q6VV Moodle does not enforce capability requirements for reading blog comments
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)
org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...
EC-CUBE Easy Blog for EC-CUBE4 cross-site request forgery vulnerability
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...
JVN#46241173: EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability (CWE-352). Impact: If a site administrator who is logged in to the management screen of EC-CUBE on which the plug-in is installed accesses a specially crafted page, a blog...
Sourcecodester Fantastic Blog CMS SQL Injection Vulnerability (CNVD-2022-77952)
SourceCodester Fantastic Blog CMS is a web content management system for blogs/posts. SourceCodester Fantastic Blog CMS version 1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to inject queries in /fantasticblog/single.php via the ...
WordPress Sitemap by click5 plugin has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Sitemap by click5 plugin version 1.0.36 has a security vulnerability that could be exploite...