14 matches found
SEMCMS 访问控制错误漏洞
SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a access control vulnerability, which stems from an unauthorized access vulnerability in the SEMCMScopy.php file...
PT-2026-32961
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
Formwork 跨站脚本漏洞
Formwork is Formwork open source a flat file based content management system CMS. It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from an uncleaned blog tag field input that could lead to a stored...
Xibo 安全漏洞
Xibo is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo that originates from a session hijacking via token exposure on a session page...
Strapi 安全漏洞
Strapi is an open source headless content management system CMS. Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2021-76088)
PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS that stems from the failure of the website field of the product's podcast comment feature to properly...
File Upload Vulnerability in Super cms v2.39 (CNVD-2021-32175)
Super CMS content management system by the SEO Research Center moonseo.cn in order to solve the problem of website optimization and research and development of a set of products, this product adopts an object-oriented approach to independent research and development of the MVC framework...
Command execution vulnerability in kiteCMS backend
KiteCMS open source web content management system CMS, the system is based on the framework ThinkPHP5.1. version of the development, applicable to individuals and enterprises to quickly build stations and development needs. kiteCMS backend command execution vulnerability , attackers can exploit t...
YzmCMS has an arbitrary file download vulnerability
YzmCMS is a lightweight open source content management system based on YZMPHP. YzmCMS has an arbitrary file download vulnerability that can only be exploited by attacks to obtain sensitive information...
Yeager Cross-Site Scripting Vulnerability
Yeager is an open source content management system . Yeager suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious...
Parking Services Confirm Payment Card Breaches
Two services that allow users to reserve over the Internet offsite parking spots at airports confirmed week that they recently suffered data breaches and customer data may be at risk. Park ‘N Fly, headquartered in Atlanta, and OneStopParking, which is based in Florence, Ky, allow travelers to...
Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)
Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is suspectible to cross-site-scripting. OpenVAS Vulnerability Test $Id: deb2772.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2772-1 usin...
[waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]
================================================================================ waraxe-2004-SA022 ================================================================================ Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2...
[Full-Disclosure] [waraxe-2004-SA#020 - Multiple vulnerabilities in PostNuke 0.726 Phoenix]
================================================================================ waraxe-2004-SA020 ================================================================================ Multiple vulnerabilities in PostNuke 0.726 Phoenix...