18 matches found
EUVD-2026-8572
GetSimpleCMS Community Edition CE version 3.3.16 contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields ar...
CVE-2026-26351
GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...
CVE-2026-26351
CVE-2026-26351 affects GetSimpleCMS Community Edition 3.3.16. A stored XSS flaw exists in the Theme to Components workflow (components.php): user input in the component "slug" field is written to XML and later rendered in the admin interface without proper sanitization, enabling persistent script...
CVE-2026-26351 GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php
GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...
CVE-2026-26351
GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...
EUVD-2012-6479
Malware in sbrugna...
EUVD-2025-6860
Malicious code in bioql PyPI...
CVE-2012-6633
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...
CVE-2024-9000
In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...
CVE-2024-9000
In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the /admin/auth/roles component due to improper sanitization of the Slug field. An attacker can inject malicious scripts by sending crafted inputs to the affected page. Details...
CVE-2020-36414
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...
CMS Made Simple 跨站脚本漏洞
CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
DEBIAN-CVE-2012-6633
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...
CVE-2012-6633
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...
Cross site scripting
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...
CVE-2012-6633
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...
CVE-2012-6633
Cross-site scripting XSS vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...