354 matches found
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2021-47981
CVE-2021-47981 affects Quick.CMS 6.7. It describes a cross-site scripting vulnerability in the sliders form that can be exploited when an authenticated user submits an XSS payload via the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to cau...
OpenSolution Quick.CMS Cross-Site Scripting Vulnerability
OpenSolution Quick.CMS is a lightweight website content management system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.CMS contains a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting flaw in the sliders form, allowing...
CVE-2021-47968
Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...
Podcast Generator Cross-Site Scripting Vulnerability
Podcast Generator is an open-source set of free podcast publishing scripts written in PHP. Version 3.1 of Podcast Generator has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow authenticated attackers to inject...
SSH MCP Server Injection Vulnerability
SSH MCP Server is a tool developed by Tufan Tunç for remotely executing Shell commands via SSH. Versions of SSH MCP Server 1.5.0 and earlier have a vulnerability due to improper handling of the Description parameter in the shell.write function of the src/index.ts file, which may lead to command...
EUVD-2026-22824
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Age Verification & Identity Verification by Token of Trust plugin <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability discovered by Teerachai Somprasong in WordPress Plugin Age Verification & Identity Verification by Token of Trust versions <= 3.32.3...
CVE-2026-2834
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2834 Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2834
The CVE concerns the WordPress plugin “Age Verification & Identity Verification by Token of Trust” (Token of Trust) with stored cross-site scripting via the description parameter in all versions up to 3.32.3. The vulnerability results from insufficient input sanitization and output escaping, allo...
CVE-2026-39941
ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...
ChurchCRM Security Vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the Name and Description parameters by the /PropertyTypeEditor.php endpoint, which could lead to SQL...
GHSA-XQM9-6QMM-XRQH Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...
EUVD-2026-19344
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...
Cross-site Scripting (XSS)
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Group, Category, or Description parameters in the Permissions module. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads into...
CVE-2026-31354
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...
CVE-2026-31354
Feehi CMS v2.1.1 has multiple authenticated stored XSS in the Permissions module. The vulnerability arises from accepting crafted payloads in the Group, Category, or Description parameters, allowing execution of arbitrary web scripts/HTML by authenticated users who view affected content. The prov...