215 matches found
CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
CVE-2021-28114
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
CVE-2019-7882
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
CVE-2019-7859
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control...
EUVD-2025-204602
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53950
CVE-2023-53950 affects InnovaStudio WYSIWYG Editor 5.4. The vulnerability is an unrestricted file upload via filename manipulation that bypasses file extension restrictions, enabling attackers to upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent...
CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...
CVE-2023-53910
WBCE CMS 1.6.1 has a stored XSS vulnerability in the WYSIWYG editor: authenticated attackers can inject JavaScript by sending malicious content to /wbce/modules/wysiwyg/save.php (content parameter), which executes when pages are viewed. Root cause: improper input handling in page content. Impact:...
CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...
WBCE CMS 跨站脚本漏洞
WBCE CMS is WBCE CMS open source a set of PHP and MySQL based open source content management system CMS. A cross-site scripting vulnerability exists in WBCE CMS version 1.6.1, which stems from improper cleanup of content parameters in the WYSIWYG editor and could lead to a stored cross-site...
EUVD-2005-3016
Malware in sbrugna...
EUVD-2020-6321
Malware in sbrugna...
EUVD-2019-0683
Malware in sbrugna...
EUVD-2020-1436
Malware in sbrugna...
EUVD-2019-7899
Malware in sbrugna...
EUVD-2006-0485
Malware in sbrugna...
EUVD-2007-3009
Malware in sbrugna...
EUVD-2021-1491
Malware in sbrugna...
EUVD-2010-1935
Malware in sbrugna...
EUVD-2008-3846
Malware in sbrugna...