12 matches found
CVE-2025-69237 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
CVE-2025-69237
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
PT-2025-53881
Name of the Vulnerable Software and Affected Versions xenioushk BWL Knowledge Base Manager versions through 1.6.3 Description The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...
PT-2025-51857
A Cross-Site Request Forgery CSRF in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...
CVE-2025-61413
A stored cross-site scripting XSS vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks...
EUVD-2017-1592
Malware in sbrugna...
CVE-2017-1000465
Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47131 Academy LMS = 5.10 CSRF / XSS Descriptio...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
CVE-2023-4059
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog...
Cross-site Scripting (XSS)
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Exploiting this vulnerability is possible via the PageName aka nodename parameter during the creation of a new page. Details Cross-site...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-63995)
GetSimple CMS is a content management system CMS written in PHP. A security vulnerability exists in GetSimple CMS version 3.3.16, which originates from allowing persistent cross-site scripting execution of "permalinks" on parameter setting pages when you create and open a new page. No details of...