Lucene search

6234 matches found

RedhatCVE
added 2026/04/01 5:0 a.m. | 3 views

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 6.9 | AI score 6.9 | EPSS 0.00233
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/01 5:0 a.m. | 6 views

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 9.8 | AI score 7.1 | EPSS 0.00412
Exploits: 0 | References: 1

EUVD
added 2026/04/01 3:31 a.m. | 4 views

EUVD-2026-17745

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting XSS in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 4

Cvelist
added 2026/04/01 12:30 a.m. | 22 views

CVE-2026-35057 XenForo Stored Cross-Site Scripting via Structured Text Mentions

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting XSS in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content...

CVSS 6.4 | EPSS 0.00165
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/01 12:30 a.m. | 1 views

CVE-2026-35057

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting XSS in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/04/01 12:30 a.m. | 7 views

CVE-2026-35057

XenForo is affected in versions prior to 2.3.10 and prior to 2.2.19. The vulnerability is a stored XSS in structured text mentions, primarily impacting legacy profile post content. An attacker can inject malicious scripts via crafted mentions that are stored and executed when other users view the...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/01 12:30 a.m. | 0 views

CVE-2026-35057 XenForo Stored Cross-Site Scripting via Structured Text Mentions

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting XSS in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 2

CVE
added 2026/04/01 12:30 a.m. | 9 views

CVE-2026-35055

XenForo is vulnerable to cross-site scripting (XSS) via lightbox usage in posts in versions before 2.3.9 and before 2.2.18. An attacker can inject scripts that execute when users interact with post content displayed in the lightbox. The issue is reported across multiple sources (including CVE-202...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/01 12:30 a.m. | 2 views

CVE-2026-35055 XenForo Cross-Site Scripting via Lightbox in Posts

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/01 12:30 a.m. | 0 views

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/01 12:30 a.m. | 24 views

CVE-2026-35055 XenForo Cross-Site Scripting via Lightbox in Posts

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1 | EPSS 0.00155
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 5 views

PT-2026-29432

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting XSS in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content...

CVSS 6.4 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/01 12:0 a.m. | 10 views

PT-2026-29473

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29632

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stor...

CVSS 9.1 | AI score 5.8 | EPSS 0.00317
Exploits: 1 | References: 6

CNNVD
added 2026/04/01 12:0 a.m. | 4 views

Xenforo cross-site scripting vulnerability

Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.9 and 2.2.18 had a cross-site scripting vulnerability. This vulnerability stemmed from the use of lightboxes in posts, which allowed for cross-site scripting attacks, potentially enabling attackers to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00155
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 6 views

PT-2026-29430

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 3

Circl
added 2026/03/31 11:16 p.m. | 3 views

CVE-2025-71282

creationtimestamp | type | source
---|---|---
2026-03-31 23:16:40+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-71282
2026-04-01 03:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mifp722gld2c
2026-04-01 03:18:10+00:00 | seen | ...

CVSS 8.7 | AI score 4.8 | EPSS 0.00342
Exploits: 0 | References: 4

Circl
added 2026/03/31 11:16 p.m. | 4 views

CVE-2025-71281

creationtimestamp | type | source
---|---|---
2026-03-31 23:16:40+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-71281
2026-04-01 02:24:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mifn7345oc27
2026-04-01 03:14:55+00:00 | seen | ...

CVSS 9.8 | AI score 4.8 | EPSS 0.00333
Exploits: 0 | References: 4

EUVD
added 2026/03/31 10:43 p.m. | 2 views

EUVD-2026-17263

baserCMS has a cross-site scripting vulnerability in blog posts...

CVSS 6.9 | AI score 7.1 | EPSS 0.00233
Exploits: 0 | References: 4

OSV
added 2026/03/31 10:43 p.m. | 2 views

GHSA-JMQ3-X8Q7-J9QM baserCMS has a cross-site scripting vulnerability in blog posts

baserCMS has a cross-site scripting vulnerability in blog posts. Target: baserCMS 5.2.1 and earlier versions. Vulnerability: Malicious Javascript may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more...

CVSS 6.9 | AI score 7 | EPSS 0.00233
Exploits: 0 | References: 5