PYSEC-2026-137

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2026-23476

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...

CVE-2026-23997

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting XSS vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...

IlchCMS 2.1.37 Cross Site Scripting

A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspber...

CVE-2022-50941

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

Simple CMS 跨站脚本漏洞

Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting vulnerabilities in user input parameters, which could allow remote attackers ...

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

EUVD-2020-30949

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37023

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVE-2020-37027

Technical details (affected product/version, root cause, exploit info, and fixes) are not publicly provided in the connected documents. Monitor for updates and refer to official advisories for CVE-2020-37027.

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37027 Sickbeard 0.1 - Remote Command Injection

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37027 Sickbeard 0.1 - Remote Command Injection

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...