37 matches found
CVE-2026-44366
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
CVE-2026-44366
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
EUVD-2026-30588
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...
Vvveb 跨站脚本漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the author field in comment...
EUVD-2019-20079
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672
PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2026-1640
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
CVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...
CVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...
CVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...
CVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2019-25301
CVE-2019-25301 describes a persistent cross-site scripting vulnerability in Millhouse-Project 1.414. The issue occurs in the comment submission functionality, where malicious scripts can be injected through the content parameter handled by the file add_comment_sql.php , allowing arbitrary scripts...
EUVD-2019-19399
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
Millhouse-Project 跨站脚本漏洞
Millhouse-Project is a blog page developed by Thérèse Scott Rossi as an individual project. Version 1.414 of Millhouse-Project has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting feature in the comment submission function, which may allow...
CVE-2020-37072
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...
CVE-2020-37072
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...
CVE-2025-14468
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...