47 matches found
Enhavo CMS Security Vulnerability
Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Undertitle text field...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
PT-2024-21179 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to...
PT-2024-21180 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. Recommendations: For Enhavo CMS...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2024-25875
CVE-2024-25875 is an XSS vulnerability in the Header module of Enhavo CMS v0.13.1, exploitable via crafted input in the Undertitle text field. Affected component: Undertitle handling in the Header module; root cause: insufficient input validation/escaping in Undertitle processing as described acr...
CVE-2024-25873
Enhavo v0.13.1 contains an HTML injection vulnerability in the Blockquote module’s Author text field that can execute arbitrary code via a crafted payload. Public sources identify the affected component (Author field in Blockquote) and the impact (arbitrary code execution). No explicit patches ar...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
Enhavo CMS Security Vulnerability
Enhavo CMS is a content management system from Enhavo Inc. A security vulnerability exists in Enhavo CMS version v0.13.1, which stems from the presence of an HTML injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted payload...
CVE-2024-25874
A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
Enhavo CMS Security Vulnerability
Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Create Tag text field...
PT-2024-21178 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...
PT-2024-21177 · Enhavo · Enhavo
Name of the Vulnerable Software and Affected Versions: Enhavo version 0.13.1 Description: The issue is related to an HTML injection vulnerability in the Author text field under the Blockquote module. This allows attackers to execute arbitrary code via a crafted payload. Recommendations: For Enhav...
CVE-2024-25876
Enhavo CMS v0.13.1’s Header module is vulnerable to Cross‑Site Scripting (XSS) via a crafted payload injected into the Title field. The root cause is inadequate sanitization of user-supplied input in Title, enabling execution of arbitrary scripts in the affected context. Public advisories and vul...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2024-25874
A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
CVE-2024-25874
CVE-2024-25874 is an XSS in Enhavo CMS v0.13.1, exposed in the New/Edit Article module via the Create Tag field. The vulnerability allows execution of arbitrary scripts/HTML when a crafted payload is injected into that field. Public details confirm the affected software/component and impact, but ...