CVE-2026-35057

XenForo is affected in versions prior to 2.3.10 and prior to 2.2.19. The vulnerability is a stored XSS in structured text mentions, primarily impacting legacy profile post content. An attacker can inject malicious scripts via crafted mentions that are stored and executed when other users view the...

OPENSUSE-SU-2025:15621-1 ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.19-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

Allocation of Resources Without Limits or Throttling

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

DEBIAN-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

CVE-2024-4398

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settingsemail= XSS...

CMS Made Simple <= 2.2.20 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...

CVE-2024-27622

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with...

Cross site scripting

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

CMS Made Simple Security Breach

CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based permission management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

PT-2024-21974 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.19 Description: The issue is a Cross Site Scripting XSS vulnerability that resides in the File Manager module of the admin panel. It arises due to inadequate sanitization of user input in the "New directory" field...

CMS Made Simple Security Breach

CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version 2.2.1...

CMS Made Simple 2.2.19 Server-Side Template Injection Vulnerability

Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Layout Design Manager Breadcrumbs 2 Click edit and write SSTI payloa...

CMS Made Simple 2.2.19 Remote Code Execution Vulnerability

Exploit Title: CMS Made Simple Version: 2.2.19 - Remote Code Execution Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Extensions User Defined Tags 2 Write in Code place...

Security fix for the ALT Linux 9 package python3-module-django version 2.2.19-alt1

2.2.19-alt1 built April 12, 2021 Alexey Shabalin in task 266900 Feb. 24, 2021 Alexey Shabalin - 2.2.19 - rename package to python3-module-django back - Fixes for the following security vulnerabilities: + CVE-2021-3281 Potential directory-traversal via archive.extract + CVE-2021-23336 Web cache...

WordPress WP DSGVO Tools (GDPR) plugin <= 2.2.18 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress WP DSGVO Tools GDPR plugin versions = 2.2.18. Solution Update the WordPress WP DSGVO Tools GDPR plugin to the latest available version at least 2.2.19...

CVE-2001-1396

Unknown vulnerabilities in strnlenuser for Linux kernel before 2.2.19, with unknown impact...