CVE-2026-26276

creationtimestamp| type| source ---|---|--- 2026-03-06 04:00:17+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mgegfntedm22...

CVE-2026-1567

creationtimestamp| type| source ---|---|--- 2026-03-06 02:00:14+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mge7oziidi2w...

CVE-2025-66024

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

Zsoft OOP CMS BLOG 跨站请求伪造漏洞

Zsoft OOP CMS BLOG is a content management system blog platform developed by Zsoft Company in Bangladesh. Version 1.0 of Zsoft OOP CMS BLOG contains a cross-site request forgeing vulnerability. This vulnerability stems from the addUser.php file, which has cross-site request forgeing issues,...

Zsoft OOP CMS BLOG SQL注入漏洞

Zsoft OOP CMS BLOG is a content management system blog platform developed by Zsoft Company in Bangladesh. Version 1.0 of Zsoft OOP CMS BLOG has a SQL injection vulnerability. This vulnerability stems from issues with the search parameter in search.php, the pageid parameter in page.php, and the id...

CVE-2026-27967

creationtimestamp| type| source ---|---|--- 2026-03-05 17:40:11+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mgddqt3f5l2q...

CVE-2025-66024

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

CVE-2025-66024

CVE-2025-66024 affects the XWiki Blog Application UI (org.xwiki.contrib.blog:application-blog-ui) and involves a Stored XSS in the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping in versions prior to 9.15.7. An attac...

CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

CVE-2025-66024

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

EUVD-2025-208293

XWiki Blog Application home page vulnerable to Stored XSS via Post Title...

GHSA-H2XQ-H7F9-VH6C XWiki Blog Application home page vulnerable to Stored XSS via Post Title

Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...

XWiki Blog Application home page vulnerable to Stored XSS via Post Title

Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...

CVE-2026-27800

creationtimestamp| type| source ---|---|--- 2026-03-04 04:00:16+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mg7fhss2p32a...

CVE-2026-27757

creationtimestamp| type| source ---|---|--- 2026-03-04 01:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mg75nasnqg2m...

XWiki Platform 跨站脚本漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 9.15.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient escaping of HTML title tags when injecting blog...

PT-2026-23065

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 9.15.7 Description The XWiki blog application is susceptible to Stored Cross-Site Scripting XSS through the Blog Post Title. The issue occurs because the post title is directly inserted into the HTML tag without...

The research never stops: Zhiniang Peng’s security research story

Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...