34 matches found

RedhatCVE
added 2026/05/18 7:58 p.m. · 5 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits: 0 · References: 1
CVE
added 2026/05/16 12:30 p.m. · 8 views

CVE-2025-4202

CVE-2025-4202 affects the Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress. A missing capability check in the cf_add_comment function across all versions up to 5.2 allows authenticated users with Subscriber-level access or higher to modify data by adding comment...

4.3 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits: 0 · References: 3
EUVD
added 2026/05/16 12:30 p.m. · 6 views

EUVD-2025-209886

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2026/05/16 12:30 p.m. · 5 views

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2026/02/06 4:41 p.m. · 1 views

CVE-2019-25301 thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...

6.4 CVSS · 5.4 AI score · 0.00059 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2026/02/06 12:0 a.m. · 2 views

PT-2026-6740

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add comment sql.php to execute...

6.4 CVSS · 5.5 AI score · 0.00059 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2026/01/18 12:16 a.m. · 4 views

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8 CVSS · 7.9 AI score · 0.0006 EPSS
Exploits: 1 · References: 1
NVD
added 2026/01/08 12:16 a.m. · 3 views

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8 CVSS · 0.0006 EPSS
Exploits: 1 · References: 1
OSV
added 2026/01/07 11:52 p.m. · 2 views

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8 CVSS · 7.9 AI score · 0.0006 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2026/01/07 12:0 a.m. · 2 views

PT-2026-2114

Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2 through 5.5.2-187. Description: ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...

9.8 CVSS · 7.3 AI score · 0.0006 EPSS
Exploits: 1 · References: 6
Vulnrichment
added 2025/12/04 5:32 p.m. · 1 views

CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

5.8 CVSS · 5 AI score · 0.00026 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2025/10/08 12:0 a.m. · 3 views

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

5.1 AI score · 0.00026 EPSS
Exploits: 1 · References: 2
OSV
added 2025/07/14 8:30 p.m. · 2 views

CVE-2025-53818 github-kanban-mcp-server Command Injection vulnerability

GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...

9.3 CVSS · 7.9 AI score · 0.01845 EPSS
Exploits: 0 · References: 6
CNNVD
added 2025/07/14 12:0 a.m. · 3 views

GitHub Kanban MCP Server operating system command injection vulnerability

GitHub Kanban MCP Server is an application for Maki Personal Developers. An operating system command injection vulnerability exists in GitHub Kanban MCP Server version 0.4.0, which stems from a command injection in the addcomment tool...

9.3 CVSS · 7.2 AI score · 0.01845 EPSS
Exploits: 0 · References: 5
OSV
added 2023/10/27 9:15 p.m. · 1 views

CVE-2022-34834

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
NVD
added 2023/10/27 9:15 p.m. · 13 views

CVE-2022-34834

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log...

4.8 CVSS · 5.1 AI score · 0.00061 EPSS
Exploits: 1 · References: 2
ATTACKERKB
added 2023/10/27 9:15 p.m. · 0 views

CVE-2022-34834

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log...

4.8 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits: 1 · References: 3
Prion
added 2023/10/27 9:15 p.m. · 14 views

Cross site scripting

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log...

4.3 CVSS · 5 AI score · 0.00061 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/10/27 12:0 a.m. · 1 views

VERMEG Agile Reporter Security Breach

VERMEG Agile Reporter is a hybrid of pre-packaged modules from VERMEG. A security vulnerability exists in VERMEG Agile Reporter version 21.3 that originates from an attacker being able to gain privileges by injecting cross-site scripting (XSS) into an Add Comment operation in the Activity log...

4.8 CVSS · 6.2 AI score · 0.00061 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/10/27 12:0 a.m. · 1 views

PT-2023-13423 · Vermeg · Vermeg Agilereporter

Name of the Vulnerable Software and Affected Versions: VERMEG AgileReporter version 21.3 Description: An issue was discovered in VERMEG AgileReporter where attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. Recommendations: For VERMEG AgileReporter...

4.8 CVSS · 5 AI score · 0.00061 EPSS
Exploits: 1 · References: 6