CVE-2021-29029

Bitweaver 3.1.0 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject JavaScript through the /users/edit_personal_page.php URI. Root cause is unrelated input handling in that page, per multiple CVE references. Impact is variable depending on context but ...

CVE-2021-29027

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI...

CVE-2021-29027

CVE-2021-29027 describes a cross-site scripting (XSS) vulnerability in Bitweaver v3.1.0 , where an attacker can inject JavaScript via the /users/index.php URI. The connected documents confirm Bitweaver 3.1.0 is affected and show no explicit details on the root cause, exploit conditions, or availa...

CVE-2021-29026

CVE-2021-29026 is a reported cross-site scripting (XSS) vulnerability in Bitweaver 3.1.0, exploitable via the /users/admin/permissions.php URI. The affected component is Bitweaver’s web application, with the underlying issue described as an XSS flaw that allows remote attackers to inject JavaScri...

CVE-2021-29025

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/usersimport.php URI...

DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22965)

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "refID" parameter...

DynPG Cross-Site Scripting Vulnerability

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "page" parameter...

Clansphere cross-site scripting vulnerability (CNVD-2021-22962)

ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "language" parameter...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/myimages.php URI...

Clansphere Cross-Site Scripting Vulnerability

ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "module" parameter...

DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22966)

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "limit" parameter...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/preferences.php URI...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/useractivity.php URI...

DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22967)

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability to inject JavaScript via a URI in /index.php...

Bitweaver 跨站脚本漏洞

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/index.php URI...

DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22968)

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "query" parameter...

Plone 跨站脚本漏洞

Plone is an open source content management system CMS built on the Zope application server. A cross-site scripting vulnerability exists in Plone version 5.2.3, which stems from the form.widgets.sitetitle parameter not effectively filtering user input, and can be exploited by an attacker to inject...

DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22964)

DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "valueID" parameter...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter 🕵️‍♂️ Proof of Concept Vulnerable Parameter: publishontime XSS payload: 17:59'"&%alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...