
39 matches found

OSV
added 2026/05/15 5:14 p.m., 3 views

GHSA-6WXC-8MGQ-W26M Weblate: Stored HTML injection in editor search preview

Impact: Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...

4.6 CVSS, 5.8 AI score
Exploits: 0, References: 5

Positive Technologies
added 2026/04/14 12:0 a.m., 1 view

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

7.2 CVSS, 6 AI score, 0.00155 EPSS
Exploits: 2, References: 4

Positive Technologies
added 2026/04/01 12:0 a.m., 1 view

PT-2026-29597

Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.79.1. Description: A Cross-Site Request Forgery (CSRF) issue existed in the authentication process. In certain scenarios, the configured CSRF protection could be bypassed, enabling unauthorized cross-site requests. The...

5.4 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2026/01/09 8:54 a.m., 6 views

CVE-2021-41279

BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the...

9 CVSS, 6.8 AI score, 0.00438 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/11/26 12:0 a.m., 1 view

Formwork cross-site scripting vulnerability

Formwork is an open source, flat-file-based content management system (CMS). It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from unsanitized input in the blog tag field that could lead to a stored...

6.5 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1288

Malicious code in bioql PyPI...

7.1 CVSS, 6.9 AI score, 0.00364 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/08/20 12:0 a.m., 2 views

Open Solution QuickCMS cross-site request forgery vulnerability

Open Solution QuickCMS is an open source content management system from Open Solution. A cross-site request forgery vulnerability exists in Open Solution QuickCMS version 6.8, which stems from vulnerability to cross-site request forgery attacks...

5.1 CVSS, 6.8 AI score, 0.00026 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/05/13 3:7 p.m., 13 views

CVE-2025-30159 Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name, such as a snippet name that depends on request or user data. Sites that onl...

6.3 CVSS, 0.00869 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2025/02/05 3:53 a.m., 4 views

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw pose...

8.8 CVSS, 7.3 AI score, 0.08787 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 1:5 a.m., 3 views

CVE-2024-28119

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to unrestricted access to the Twig extension class from the Grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...

8.8 CVSS, 8 AI score, 0.01406 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/04/12 12:0 a.m., 2 views

Xibo security vulnerability

Xibo is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo that originates from session hijacking via token exposure on a session page...

7.2 CVSS, 6.7 AI score, 0.00109 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2023/12/14 6:33 p.m., 26 views

CVE-2023-4043

A flaw was found in the Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected. Mitigation: Avoid...

7.5 CVSS, 6.7 AI score, 0.0015 EPSS
Exploits: 1, References: 3

CNNVD
added 2023/06/14 12:0 a.m., 1 view

UJCMS code issue vulnerability

UJCMS is a Java open source content management system from UJCMS Open Source. A security vulnerability exists in UJCMS version 6.0.2 that stems from allowing arbitrary file uploads...

9.8 CVSS, 8.5 AI score, 0.28975 EPSS
Exploits: 1, References: 1

Circl
added 2023/03/29 12:46 a.m., 0 views

CVE-2023-25885

creationtimestamp | type | source
---|---|---
2023-03-29 00:46:09+00:00 | seen | https://t.me/cibsecurity/60963...

7.8 CVSS, 7.5 AI score, 0.00103 EPSS
Exploits: 0, References: 1

CNNVD
added 2022/02/26 12:0 a.m., 1 view

Strapi security vulnerability

Strapi is an open source headless content management system (CMS). Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...

7.2 CVSS, 5.9 AI score, 0.00217 EPSS
Exploits: 1, References: 5

CNVD
added 2021/09/29 12:0 a.m., 17 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2021-76088)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs (United States). A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS that stems from the failure of the website field of the product's podcast comment feature to properly...

6.1 CVSS, 6.3 AI score, 0.00405 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/07/08 12:0 a.m., 2 views

Ljcmsshop SQL injection vulnerability

LJCMS is a free and open source content management system. A SQL injection vulnerability exists in LJCMS, which can be exploited by attackers to obtain sensitive database information...

7.5 CVSS, 5.9 AI score, 0.00238 EPSS
Exploits: 1, References: 2

CNVD
added 2021/06/04 12:0 a.m., 3 views

Catfish CMS suffers from a file upload vulnerability (CNVD-2021-42363)

Catfish CMS is a free and open source PHP CMS (web content management system). Catfish CMS has a file upload vulnerability. An attacker can use the vulnerability to upload a webshell and gain server privileges...

7.3 AI score
Exploits: 0

CNVD
added 2021/05/11 12:0 a.m., 7 views

NoneCMS Cross-Site Scripting Vulnerability

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites and personal blogs, and that supports mobile. A cross-site scripting vulnerability exists in admin/article/add.html in NoneCMS version 1.3.0. Attackers can use the name parameter to inje...

5.4 CVSS, 6.1 AI score, 0.00171 EPSS
Exploits: 1, References: 1

CNVD
added 2021/04/19 12:0 a.m., 1 view

File Upload Vulnerability in Super cms v2.39 (CNVD-2021-32175)

Super CMS is a content management system developed by the SEO Research Center (moonseo.cn) to address website optimization. The product uses an object-oriented approach and an independently developed MVC framework...

7 AI score
Exploits: 0