22 matches found
CVE-2025-15262
A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2025-15262 BiggiDroid Simple PHP CMS Site Logo edit.php unrestricted upload
A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2025-15262
CVE-2025-15262 affects BiggiDroid Simple PHP CMS 1.0, in the Site Logo Handler component (file /admin/edit.php). Manipulating the image argument reportedly yields unrestricted upload, enabling remote exploitation. Multiple sources confirm the exploit has been released publicly and may be exploite...
PT-2025-54208
A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...
Exploit for CVE-2025-15495
CVE-2025-15495 - Arbitrary File Upload Leading to Remote Code...
EUVD-2019-17830
Malware in sbrugna...
User-Friendly SVN Security Vulnerability
User-Friendly SVN (USVN) is a set of web-based configuration tools for the Subversion codebase from the USVN team. The tool provides features such as creating new projects, managing lists of authorized users, and more. A security vulnerability exists in versions of User-Friendly SVN prior to v1.0.1...
PHPVibe Cross-Site Scripting Vulnerability
PHPVibe is a free video management system from PHPVibe Inc. A cross-site scripting vulnerability exists in PHPVibe version 11.0.46, which stems from the fact that manipulation of the parameter site-logo-text can lead to cross-site scripting attacks...
PT-2024-37372 · Phpvibe · Phpvibe
Name of the Vulnerable Software and Affected Versions: PHPVibe version 11.0.46. Description: A problematic issue has been found in the Global Options Page component, specifically in the file functionalities.global.php. The manipulation of the site-logo-text argument leads to cross-site scripting...
Cross site scripting
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration)...
CVE-2023-31698
Bludit v3.14.1 is vulnerable to a Stored XSS flaw via an SVG file uploaded as the site logo. Exploitation requires authentication (admin login) and is demonstrated by authenticated XSS exploits (e.g., Exploit-DB entry for CVE-2023-31698). The root cause is insufficient validation/escaping of user...
PT-2023-23419 · Bludit · Bludit
Name of the Vulnerable Software and Affected Versions: Bludit version 3.14.1. Description: The issue is related to Stored Cross Site Scripting (XSS) via an SVG file on the site logo. It's noted that the product's security model trusts users to insert arbitrary content, as they cannot create their ow...
CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration)...
DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07940)
DiliCMS is a content management system (CMS) based on CodeIgniter. A cross-site scripting vulnerability exists in the site logo text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2019-8440
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting-site setting" of admin/index.php, aka sitelogo...