CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...

BootDo code injection vulnerability

BootDo is a backend management system framework developed by lcg0124. lcg0124 BootDo has a code injection vulnerability, which stems from incorrect handling of parameters in the file /blog/bContent/save, specifically those related to content/author/title. This vulnerability may lead to cross-site...

SRC-2025-0007 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...

CVE-2025-2624

A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to sql injection. The attack may be launched remotely. The...

CVE-2025-2623

A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launch...

CVE-2018-19544

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...

CVE-2018-19544

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...

JEECMS Cross-Site Request Forgery Vulnerability (CNVD-2018-26785)

JEECMS is a set of China Jinlei technology development company using Java language development of content management system CMS. A cross-site request forgery vulnerability exists in JEECMS version 9.3. A remote attacker can exploit this vulnerability to add news with the help of...

dotCMS 'stName' Parameter SQL Injection Vulnerability

dotCMS is a content management system CMS developed in Java. A SQL injection vulnerability exists in the 'stName' parameter in dotCMS versions prior to 3.3.2, which allows remote attackers to execute arbitrary SQL commands via the stName parameter in api/content/save/1...