DEBIAN-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

GHSA-677C-XV24-CRGX baserCMS is Vulnerable to Cross-site Scripting

baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

baserCMS is Vulnerable to Cross-site Scripting

baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

EUVD-2026-17269

baserCMS is Vulnerable to Cross-site Scripting...

Cross-site Scripting (XSS)

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag creation process. An attacker can execute arbitrary scripts in the context of the user's browser by crafting malicious input...

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

CVE-2026-32734 baserCMS: Multiple vulnerabilities in baserCMS

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

CVE-2026-32734 baserCMS: Multiple vulnerabilities in baserCMS

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

CVE-2026-32734 baserCMS: Multiple vulnerabilities in baserCMS

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

CVE-2026-32734

CVE-2026-32734 concerns baserCMS, a website development framework. According to the provided documents, prior to version 5.2.3 baserCMS is vulnerable to a DOM-based cross-site scripting (XSS) issue in tag creation. The vulnerability is described as allowing malicious JavaScript execution in the b...

PT-2026-29153

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

baserCMS 跨站脚本漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had a cross-site scripting vulnerability, which originated from DOM-based cross-site scripting during tag creation...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.7.6, 18.8.6, a...

GO-2025-4263 Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

Gitea allows XSS because the search input box for creating tags and branches is v-html instead of v-text in code.gitea.io/gitea...

PT-2025-53440

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.2 Description Gitea versions before 1.22.2 contain a cross-site scripting XSS issue. The search input box, used when creating tags and branches, utilizes v-html instead of v-text, which allows for the execution of...

EUVD-2025-201338

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...

CVE-2025-13312 CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...

CVE-2025-13312 CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...

CVE-2025-13312

CVE-2025-13312 – CRM Memberships (WordPress) Affected: CRM Memberships plugin for WordPress (all versions up to and including 2.5).Root cause: Missing capability check in the ntzcrm_add_new_tag AJAX path, enabling unauthenticated users to create arbitrary membership tags and alter CRM configurati...