13 matches found
CVE-2021-47857
A flaw was found in Moodle. A remote attacker with privileges to create calendar events could exploit a persistent cross-site scripting XSS vulnerability in the calendar event subtitle field. By injecting malicious JavaScript into the subtitle track label of a crafted calendar event, the attacker...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
EUVD-2025-30753
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
PT-2025-38986
Name of the Vulnerable Software and Affected Versions PivotX CMS version 3.0.0 RC 3 Description A Cross Site Scripting issue exists in PivotX CMS version 3.0.0 RC 3. This allows a remote attacker to execute arbitrary code through the subtitle field. Recommendations At the moment, there is no...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field...
CVE-2025-52367
PivotX CMS 3.0.0 RC3 is affected by a Cross Site Scripting vulnerability in the title and subtitle fields that can lead to Remote Code Execution. The root cause, per exploit reports, is unsanitized data stored during page creation via PHP serialize in modules/pages_flat.php, with the vulnerabilit...
WordPress plugin Add Subtitle跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Add Subtitle has a cross-site scripting vulnerability that stems from failure to clean up or esca...
PT-2026-3809
Name of the Vulnerable Software and Affected Versions Moodle versions prior to 3.10.4 Description A security issue exists in Moodle related to insufficient protection of the web page structure within the calendar event subtitle field. Successful exploitation of this issue could allow a remote...
JPress Cross-Site Scripting Vulnerability
JPress is a set of blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...
PT-2018-18076 · Mojoportal · Mojoportal
Name of the Vulnerable Software and Affected Versions: mojoPortal versions prior to 2.6.0.0 Description: The issue arises from the software's failure to sanitize user-supplied input, leading to multiple persistent cross-site scripting vulnerabilities. Specifically, the Title and Subtitle fields o...