3796 matches found
GHSA-X577-GCC9-9XJJ Concrete CMS Stored XSS in Layout Preset Name
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...
Cross site scripting
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in Concrete CMS prior to version 9.2.3, which stems from a stored cross-site scripting attack via Layout Preset...
WordPress Plugin AMP for WP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CentOS 9 : libmicrohttpd-0.9.72-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libmicrohttpd-0.9.72-5.el9 build changelog. - GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the...
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vendor reports that some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Original Advisory An HTML injection...
GHSA-QV4X-V2V4-F8P9 Withdrawn Advisory: Kirby CMS HTML injection vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vendor reports that some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Original Advisory An HTML injection...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Design/Logic Flaw
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
WEBIGniter 28.7.23 Cross Site Scripting
Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...