47 matches found
CVE-2024-32345
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
CVE-2024-32344
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CMSimple 安全漏洞
CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...
PT-2024-24523 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...
CMSimple 安全漏洞
CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...
CVE-2024-32344
CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...
PT-2024-24524 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language...
WonderCMS 安全漏洞
WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the MENU parameter of the Settings section, and can be exploited by an...
CVE-2024-32345
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
CVE-2024-32345
CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...
Cross site scripting
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...
PT-2023-28801 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. This enables the attacker t...
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...
KLA61540 OSI vulnerability in Microsoft Browser
An information disclosure vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2023-36409 Related products Microsoft-Edge CVE list CVE-2023-36409 high KB list Solution Install necessary updates from t...
CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
Cross site request forgery (csrf)
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
CVE-2022-39264 nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...
CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...