66 matches found
CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...
EUVD-2025-204761
wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-9501
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
EUVD-2022-28814
Malicious code in bioql PyPI...
CVE-2025-9512
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...
Linux Distros Unpatched Vulnerability : CVE-2022-24585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or...
Linux Distros Unpatched Vulnerability : CVE-2021-39918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starti...
CVE-2022-23889
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...
PT-2025-19959 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin comment news.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin comment...
Apache CloudStack 安全漏洞
Apache CloudStack is a suite of Infrastructure-as-a-Service IaaS cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack version 4.16.0 that stems from th...
The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...
CVE-2024-28228
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible...
UBUNTU-CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...
WordPress Plugin Honeypot for WP Comment Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Self XSS when sending HTML as a comment in the Deck app
None...
CVE-2023-41161
Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab...
SAP Application Interface Framework 跨站脚本漏洞
SAP Application Interface Framework SAP AIF is an application interface framework from SAP, Germany. A security vulnerability exists in SAP Application Interface Framework ODATA service versions 600 and 700, which allows an authorized attacker to enter a link or title with custom CSS classes into...
SUSE CVE-2016-5704
Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...