CVE-2023-53952
CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...
CVE-2025-11747
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11747
CVE-2025-11747 affects the Colibri Page Builder WordPress plugin. The Wordfence report documents a stored cross-site scripting vulnerability in the colibri_blog_posts shortcode caused by insufficient input sanitization and lack of proper output escaping, affecting all versions up to and including...
EUVD-2025-204478
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-52435
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri blog posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-68386
creationtimestamp | type | source
---|---|---
2025-12-18 23:08:03+00:00 | seen | https://bsky.app/profile/potato.software/post/3macc65yxl32k
2025-12-18 23:53:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3macepn7fbv2q...
CVE-2025-68161
creationtimestamp | type | source
---|---|---
2025-12-18 18:15:51+00:00 | seen | https://seclists.org/oss-sec/2025/q4/285
2025-12-18 19:27:49+00:00 | seen | https://mstdn.social/users/jschauma/statuses/115742216551427386
2025-12-18 19:28:16+00:00 | seen | ...
CVE-2025-64371
creationtimestamp | type | source
---|---|---
2025-12-18 09:26:42+00:00 | seen | https://gist.github.com/Darkcrai86/ef6ee82ad15d64b1f97e57ae569cd6cf
2025-12-18 10:57:20+00:00 | seen | https://gist.github.com/Darkcrai86/3aa71eeca6e6d567384ccc6041062ce6...
CVE-2025-66078
creationtimestamp | type | source
---|---|---
2025-12-18 09:04:17+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115739764726607735
2025-12-18 09:04:18+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3maaszifayo27
2025-12-18 09:27:54+00:00 | seen | ...
EUVD-2023-60199
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...
CVE-2023-53932
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...
CVE-2025-20393
creationtimestamp | type | source
---|---|---
2025-12-17 17:03:45+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/115735906228666088
2025-12-17 17:17:20+00:00 | seen | https://bsky.app/profile/pylos.co/post/3ma7645ozwk2t
2025-12-17 17:23:48+00:00 | seen | ...
CVE-2025-13352
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding, which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
Improper Validation of Specified Type of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts.
Remediation: Upgrade...
CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding, which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...
PT-2025-51970
Name of the Vulnerable Software and Affected Versions: Serendipity version 2.4.0
Description: An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...
EUVD-2025-203838
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...