GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

PT-2026-42860

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...

EUVD-2025-35798

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVE-2025-61931

CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...

CVE-2025-61931

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

PT-2025-43580

Name of the Vulnerable Software and Affected Versions Pleasanter affected versions not specified Description Pleasanter contains a stored cross-site scripting issue in the Body, Description, and Comments fields. This allows an attacker to execute an arbitrary script within the web browser of a...

EUVD-2018-13317

Malware in sbrugna...

EUVD-2018-11578

Malware in sbrugna...

Cross-site Scripting (XSS)

Overview decap-cms is an An extensible, open source, Git-based, React CMS for static sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of input fields such as body, tags, title, and description in the content preview pane. An attacker...

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Title/Body source fields. An attacker can inject malicious scripts by crafting malicious input to these fields. Details...

PT-2024-15883 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: openemr/openemr version 7.0.1 Description: A stored cross-site scripting XSS issue exists in the Secure Messaging feature. An attacker can inject malicious payloads into the inputBody field, which can then be sent to other users. When the...

CVE-2024-33831

A stored cross-site scripting XSS vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...

PT-2024-25502 · Yapi · Yapi

Name of the Vulnerable Software and Affected Versions: yapi version 1.10.2 Description: A stored cross-site scripting XSS vulnerability in the Advanced Expectation - Response module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...

Backdrop CMS 1.23.0 Cross Site Scripting

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...

Backdrop CMS 1.23.0 - Stored XSS Vulnerability

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...

Backdrop CMS 1.23.0 - Stored XSS

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...

Symphony CMS Cross-Site Scripting Vulnerability (CNVD-2020-63998)

Symphony CMS is a PHP + MySQL based , using XML and XSLT as the backbone of the open source content management system . A cross-site scripting vulnerability exists in Symphony CMS 3.0.0. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML into the fields'bod...

CVE-2018-20774

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field...

CVE-2018-20774

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field...