12 matches found
CVE-2020-36955 Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
Grav CMS cross-site scripting vulnerability
Grav CMS is an open-source file-based content management system developed by Grav. Grav CMS 1.9.18 contains a cross-site scripting vulnerability; this vulnerability stems from a persistent cross-site scripting in the page title field, which may allow for the execution of malicious scripts...
EUVD-2019-16952
Malware in sbrugna...
EUVD-2018-11577
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page Title field of the /admin/cms/pagecontent/ endpoint due to improper user input sanitization. By submitting crafted input, an attacker can inject malicious scripts that are executed in the browse...
PT-2024-9176
Name of the Vulnerable Software and Affected Versions: django-cms versions 3.11.7 through 3.11.8 django-cms versions 4.1.2 through 4.1.3 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS. This can be exploited by a...
PT-2022-11957 · Lorensbergs · Lorensbergs Connect2
Name of the Vulnerable Software and Affected Versions: Lorensbergs Connect2 version 3.13.7647.20190 Description: The issue concerns an XSS vulnerability that requires administrator privileges to exploit. It is performed through the Wizard editor of the application, where an administrator must ent...
CVE-2019-7410
There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...
CVE-2019-7410
There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...
Cross site scripting
There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...
CVE-2019-7410
There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...
CVE-2018-19903
This CVE concerns XSLT CMS, a PHP/XML/XSLT-based content management system. The vulnerability is a Persistent XSS flaw exploited through the title field in the create/?action=items.edit&type=Page endpoint, enabling injection of script/HTML. Root cause, per the description, is improper handling/es...