10 matches found
EUVD-2025-36376
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2025-12330
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2025-12330 Willow CMS Add Post add cross site scripting
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...
PT-2025-44057
Name of the Vulnerable Software and Affected Versions: Willow CMS versions prior to 1.4.1 Description: A security flaw exists in Willow CMS that allows for cross site scripting. The issue is related to the processing of the file '/admin/articles/add' within the Add Post Page component. Manipulation...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /admin/articles/create endpoint due to improper user input sanitization. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker “injects” a malicious script into an...
Improper Access Control
Overview: publifycore is a core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where a low-privileged user can modify and delete admin articles by changing the value of the articleid parameter. Remediation...
Publify has Improper Access Controls
A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...
GHSA-C273-C6VG-4PV5 Publify has Improper Access Controls
A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...
PT-2022-14130 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.9 Description: The issue allows a low-privileged user to bypass authorization and access sensitive information by manipulating a user-controlled key. Specifically, this can be achieved by modifying the...
Improper Access Control - Articles
Description: A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter. Proof of Concept: Step 1 - Authenticated as an unprivileged user, create a New article. Step 2 - Click Edit article. Step 3 - Intercept requests and Save your article -...