Lucene search
K

12 matches found

Vulnrichment
Vulnrichment
added 2026/01/26 5:42 p.m.3 views

CVE-2020-36955 Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Grav CMS cross-site scripting vulnerability

Grav CMS is an open-source file-based content management system developed by Grav. Grav CMS 1.9.18 contains a cross-site scripting vulnerability; this vulnerability stems from a persistent cross-site scripting in the page title field, which may allow for the execution of malicious scripts...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16952

Malware in sbrugna...

6.1CVSS6.3AI score0.01161EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-11577

Malware in sbrugna...

6.1CVSS6.3AI score0.00707EPSS
Exploits1References2
Snyk
Snyk
added 2024/11/18 12:45 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page Title field of the /admin/cms/pagecontent/ endpoint due to improper user input sanitization. By submitting crafted input, an attacker can inject malicious scripts that are executed in the browse...

6.1CVSS5.2AI score0.00493EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.3 views

PT-2024-9176

Name of the Vulnerable Software and Affected Versions: django-cms versions 3.11.7 through 3.11.8 django-cms versions 4.1.2 through 4.1.3 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS. This can be exploited by a...

9.3CVSS5.8AI score0.00493EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2022/01/12 12:0 a.m.7 views

PT-2022-11957 · Lorensbergs · Lorensbergs Connect2

Name of the Vulnerable Software and Affected Versions: Lorensbergs Connect2 version 3.13.7647.20190 Description: The issue concerns an XSS vulnerability that requires administrator privileges to exploit. It is performed through the Wizard editor of the application, where an administrator must ent...

4.8CVSS6AI score0.00592EPSS
Exploits1References4
OSV
OSV
added 2020/08/14 2:15 p.m.21 views

CVE-2019-7410

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

6.1CVSS5.4AI score
Exploits0References4
NVD
NVD
added 2020/08/14 2:15 p.m.21 views

CVE-2019-7410

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

6.1CVSS6AI score0.01161EPSS
Exploits0References4
Prion
Prion
added 2020/08/14 2:15 p.m.20 views

Cross site scripting

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

4.3CVSS5.9AI score0.01161EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/08/14 1:35 p.m.29 views

CVE-2019-7410

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

6AI score0.01161EPSS
Exploits0References4
CVE
CVE
added 2018/12/31 3:0 p.m.36 views

CVE-2018-19903

This CVE concerns XSLT CMS, a PHP/XML/XSLT-based content management system. The vulnerability is a Persistent XSS flaw exploited through the title field in the create/?action=items.edit&type=Page endpoint, enabling injection of script/HTML. Root cause, per the description, is improper handling/es...

6.1CVSS5.9AI score0.00707EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder