27 matches found
CVE-2026-38949
A Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the WebsiteAddContent process. An attacker can access sensitive files on the server by supplying crafted path values containing directory traversal sequences. This is only exploitable if the attacker has an...
CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
EUVD-2025-31437
Malicious code in bioql PyPI...
CVE-2025-11077
A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/addcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclose...
CVE-2025-11077
CVE-2025-11077 affects Campcodes Online Learning Management System 1.0. The vulnerability is a SQL injection in the /admin/add_content.php file, triggered by manipulating the Title argument. It is exploitable remotely and has been publicly disclosed. The connected reports consistently describe th...
CVE-2025-11077 Campcodes Online Learning Management System add_content.php sql injection
A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/addcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclose...
CampCodes Online Learning Management System SQL injection vulnerability
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter Title in the fil...
CVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
CVE-2025-43797
CVE-2025-43797 (Liferay) affects Liferay Portal 7.1.0–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, plus older unsupported builds. The root cause is a default Open membership setting on newly created sites, which allows any registered user to become a member and potentially view, add,...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
bludit 3.16.2 Persistent Cross Site Scripting
bludit version 3.16.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS "Add Ne...
Self XSS in "Content Types / Add Content Type"
Description Add payload to field System name: Proof of Concept https://drive.google.com/file/d/1xJ24a3HveP4dpKXF5zmtsNIa2-wweoA/view?usp=sharing...
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send authenticated HTTP POST requests to add/content and inject arbitrary web scripts or HTML through...
CVE-2021-36702
CVE-2021-36702 affects htmly 2.8.1. The vulnerability is a stored XSS in the content field of the “regular post” → “add content” page in the dashboard. It allows an attacker who can issue authenticated POST requests to add/content to inject arbitrary HTML/scripts, enabling cross-site script exec...