EUVD-2025-209380

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

CVE-2025-50228 affects Jizhicms v2.5.4. Multiple connected sources describe a vulnerability classified as Server-Side Request Forgery (SSRF) in the User Evaluation, Message, and Comment modules. The primary CVE notes a high-severity impact (CVSS v3.1: 9.1, CRITICAL) with network access, no user i...

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

EUVD-2026-18899

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2026-34229

CVE-2026-34229 affects Emlog prior to version 2.6.8, with a stored XSS in the comment module triggered via bypass of URI scheme validation. The underlying issue is a URI scheme validation bypass, allowing injection of script payloads into comments. The vulnerability is addressed in version 2.6.8 ...

emlog 跨站脚本漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.8 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site script in the comment module, which could lead to cross-site scripting attacks...

PT-2026-30264

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

CVE-2025-65442

CVE-2025-65442 describes a DOM-based XSS in the 201206030 novel system version 3.5.0. The root cause is insufficient validation/encoding of user-controllable data in the book_comment module: unfiltered input is stored in the database (book_comment.commentContent) and later rendered into the page ...

EUVD-2006-6827

Malware in sbrugna...

EUVD-2010-3094

Malware in sbrugna...

EUVD-2022-5333

Malicious code in bioql PyPI...

CVE-2020-15885

A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...