
29 matches found

NVD
added 2026/04/10 2:16 p.m. · 3 views

CVE-2025-58920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zootemplate Cerato cerato allows Reflected XSS. This issue affects Cerato: from n/a through <= 2.2.18...

7.1 CVSS · 0.00039 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2026/04/10 1:25 p.m. · 2 views

CVE-2025-58920 WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18...

7.1 CVSS · 5.8 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
CNNVD
added 2026/04/10 12:00 a.m. · 3 views

WordPress plugin Cerato Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.6 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
CVE
added 2026/04/01 12:30 a.m. · 11 views

CVE-2026-35056

Summary (supported by connected docs): XenForo versions before 2.3.9 and before 2.2.18 are affected by a remote code execution (RCE) vulnerability exploitable by authenticated, malicious admins who have access to the admin panel. The attacker can execute arbitrary code on the server. The referenc...

8.6 CVSS · 6.7 AI score · 0.00159 EPSS
In wild · Exploits: 0 · References: 2 · Affected Software: 1
ATTACKERKB
added 2026/04/01 12:30 a.m. · 3 views

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

8.8 CVSS · 6.7 AI score · 0.00159 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-5977

Malware in sbrugna...

7.5 CVSS · 5.6 AI score · 0.0038 EPSS
Exploits: 1 · References: 9
OSV
added 2025/09/29 12:00 a.m. · 1 view

OPENSUSE-SU-2025:15587-1 ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS · 5.8 AI score · 0.0014 EPSS
Exploits: 0 · References: 1
OSV
added 2025/09/26 12:00 a.m. · 2 views

UBUNTU-CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5 CVSS · 6.6 AI score · 0.0014 EPSS
Exploits: 0 · References: 5
OSV
added 2025/09/25 2:37 p.m. · 3 views

CVE-2025-59830 Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5 CVSS · 6.4 AI score · 0.0014 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/09/25 12:00 a.m. · 3 views

PT-2025-39397

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.18 Description: Rack’s QueryParser component incorrectly counts parameters when using both '&' and ';' separators. The params limit is only enforced for parameters separated by '&', allowing attackers to bypass the...

10 CVSS · 6.7 AI score · 0.16071 EPSS
Exploits: 6 · References: 96
OSV
added 2023/10/26 10:15 p.m. · 2 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component...

7.8 CVSS · 6.1 AI score · 0.00664 EPSS
Exploits: 1 · References: 2
OSV
added 2023/10/23 10:15 p.m. · 2 views

CVE-2023-43358

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...

5.4 CVSS · 6.1 AI score · 0.00152 EPSS
Exploits: 1 · References: 2
OSV
added 2023/10/20 10:15 p.m. · 1 view

CVE-2023-43357

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component...

5.4 CVSS · 6.1 AI score · 0.00255 EPSS
Exploits: 1 · References: 1
ATTACKERKB
added 2023/10/20 10:15 p.m. · 1 view

CVE-2023-43353

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component...

5.4 CVSS · 6.2 AI score · 0.00235 EPSS
Exploits: 1 · References: 2
Prion
added 2023/10/20 10:15 p.m. · 10 views

Cross site scripting

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component...

4.9 CVSS · 5.7 AI score · 0.00504 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/10/20 12:00 a.m. · 1 view

CMS Made Simple Cross-Site Scripting Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the Cmsms team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...

5.4 CVSS · 6.7 AI score · 0.00255 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/10/20 12:00 a.m. · 1 view

CMS Made Simple Cross-Site Scripting Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the Cmsms team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...

5.4 CVSS · 6.7 AI score · 0.00255 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/10/20 12:00 a.m. · 4 views

PT-2023-28802 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. This enables the attacker to perform...

5.4 CVSS · 5.7 AI score · 0.00255 EPSS
Exploits: 1 · References: 5
ATTACKERKB
added 2023/10/19 10:15 p.m. · 2 views

CVE-2023-43359

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component...

5.4 CVSS · 6.2 AI score · 0.00112 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/10/19 12:00 a.m. · 5 views

PT-2023-28804 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component...

5.4 CVSS · 5.7 AI score · 0.00112 EPSS
Exploits: 1 · References: 7