Lucene search

15 matches found

CNNVD
added 2026/05/22 12:0 a.m., 7 views

Concrete CMS Security Vulnerability

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions 9.0 to 9.5.0 of Concrete CMS have security vulnerabilities. These vulnerabilities stem from stored cross-site scripting in page names within the Atomik theme. This could allow malicious editors to inject...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00196
Exploits: 0, References: 1

RedhatCVE
added 2026/03/05 1:57 a.m., 7 views

CVE-2026-3244

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00195
Exploits: 1, References: 1

OSV
added 2026/03/04 3:31 a.m., 3 views

GHSA-MM5F-5RQW-574F Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a stored Cross-site Scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00195
Exploits: 1, References: 4

Github Security Blog
added 2026/03/04 3:31 a.m., 7 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a stored Cross-site Scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00195
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/03/04 3:31 a.m., 4 views

EUVD-2026-9355

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00195
Exploits: 1, References: 3

OSV
added 2026/03/04 2:15 a.m., 3 views

CVE-2026-3244

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.6
Exploits: 0, References: 2

Vulnrichment
added 2026/03/04 1:55 a.m., 4 views

CVE-2026-3244 Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00195
Exploits: 1, References: 2

CVE
added 2026/03/04 1:55 a.m., 14 views

CVE-2026-3244

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the search block, where page names and content render without HTML encoding, enabling an authenticated rogue administrator to inject JavaScript that runs when users run and view search results. The issue is documented with CVSS v4....

CVSS: 4.8, AI score: 5.8, EPSS: 0.00195
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/03/04 1:55 a.m., 34 views

CVE-2026-3244 Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, EPSS: 0.00195
Exploits: 1, References: 2

Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-22862

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00195
Exploits: 1, References: 3

Veracode
added 2025/01/13 10:4 a.m., 5 views

Cross-site Scripting (XSS)

TabberNeue is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of user-supplied page names in TabberTransclude.php, allowing an XSS payload to be injected as the page name...

CVSS: 8.6, AI score: 5.6, EPSS: 0.00489
Exploits: 0, References: 5, Affected Software: 1

CNNVD
added 2025/01/06 12:0 a.m., 2 views

TabberNeue Cross-Site Scripting Vulnerability

TabberNeue is an open-source extension from StarCitizen.tools. It allows the wiki to create tabs on pages. A cross-site scripting vulnerability exists in versions prior to TabberNeue 2.7.2, which stems from TabberTransclude.php not escaping user-supplied page names on output...

CVSS: 8.6, AI score: 5.8, EPSS: 0.00489
Exploits: 0, References: 4

NVD
added 2023/04/19 12:15 a.m., 21 views

CVE-2023-29522

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...

CVSS: 9.9, AI score: 9.8, EPSS: 0.01864
Exploits: 1, References: 3

CNVD
added 2018/09/20 12:0 a.m., 3 views

Oracle WebCenter Interaction Portal AjaxControl Component Denial of Service Vulnerability

Oracle WebCenter Interaction is an Oracle suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications. Oracle WebCenter Interaction Portal is an administrative interface. AjaxControl is one of the Ajax control components. A denial of...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01245
Exploits: 0, References: 1

ThreatPost
added 2010/12/29 3:47 p.m., 6 views

Exploit Kits Employing Obfuscation to Prevent Analysis

The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...

AI score: 0.3
Exploits: 0, References: 1