Lucene search
+L

47 matches found

CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

Enhavo CMS Security Vulnerability

Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Undertitle text field...

6.1CVSS6.7AI score0.00424EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.22 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

5.7AI score0.00424EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.12 views

PT-2024-21179 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to...

6.1CVSS6.2AI score0.00424EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.6 views

PT-2024-21180 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. Recommendations: For Enhavo CMS...

6.1CVSS6.3AI score0.00443EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.20 views

CVE-2024-25873

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

8.2AI score0.00482EPSS
Exploits1References2
CVE
CVE
added 2024/02/22 12:0 a.m.3793 views

CVE-2024-25875

CVE-2024-25875 is an XSS vulnerability in the Header module of Enhavo CMS v0.13.1, exploitable via crafted input in the Undertitle text field. Affected component: Undertitle handling in the Header module; root cause: insufficient input validation/escaping in Undertitle processing as described acr...

6.1CVSS5.6AI score0.00424EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4047 views

CVE-2024-25873

Enhavo v0.13.1 contains an HTML injection vulnerability in the Blockquote module’s Author text field that can execute arbitrary code via a crafted payload. Public sources identify the affected component (Author field in Blockquote) and the impact (arbitrary code execution). No explicit patches ar...

5.4CVSS8.1AI score0.00482EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.25 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

5.7AI score0.00424EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.39 views

CVE-2024-25876

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.7AI score0.00443EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

Enhavo CMS Security Vulnerability

Enhavo CMS is a content management system from Enhavo Inc. A security vulnerability exists in Enhavo CMS version v0.13.1, which stems from the presence of an HTML injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted payload...

5.4CVSS7.8AI score0.00482EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.12 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.2AI score0.00397EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.6 views

Enhavo CMS Security Vulnerability

Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Create Tag text field...

5.4CVSS6.7AI score0.00397EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.7 views

PT-2024-21178 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...

5.4CVSS6AI score0.00397EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.10 views

PT-2024-21177 · Enhavo · Enhavo

Name of the Vulnerable Software and Affected Versions: Enhavo version 0.13.1 Description: The issue is related to an HTML injection vulnerability in the Author text field under the Blockquote module. This allows attackers to execute arbitrary code via a crafted payload. Recommendations: For Enhav...

5.4CVSS8.1AI score0.00482EPSS
Exploits1References7
CVE
CVE
added 2024/02/22 12:0 a.m.5618 views

CVE-2024-25876

Enhavo CMS v0.13.1’s Header module is vulnerable to Cross‑Site Scripting (XSS) via a crafted payload injected into the Title field. The root cause is inadequate sanitization of user-supplied input in Title, enabling execution of arbitrary scripts in the affected context. Public advisories and vul...

6.1CVSS5.6AI score0.00443EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/02/22 12:0 a.m.14 views

CVE-2024-25875

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

6.1CVSS5.9AI score0.00424EPSS
Exploits1References4
OSV
OSV
added 2024/02/22 12:0 a.m.9 views

CVE-2024-25876

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1CVSS5.9AI score0.00443EPSS
Exploits1References4
OSV
OSV
added 2024/02/22 12:0 a.m.11 views

CVE-2024-25873

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

5.4CVSS8.1AI score0.00482EPSS
Exploits1References4
OSV
OSV
added 2024/02/22 12:0 a.m.10 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.4CVSS5.2AI score0.00397EPSS
Exploits1References4
CVE
CVE
added 2024/02/22 12:0 a.m.4111 views

CVE-2024-25874

CVE-2024-25874 is an XSS in Enhavo CMS v0.13.1, exposed in the New/Edit Article module via the Create Tag field. The vulnerability allows execution of arbitrary scripts/HTML when a crafted payload is injected into that field. Public details confirm the affected software/component and impact, but ...

5.4CVSS5.6AI score0.00397EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder