13 matches found
CVE-2026-22230
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...
EUVD-2022-3808
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2023-019
This module provides social media share & follow buttons. The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting XSS vulnerability...
DRUPAL-CONTRIB-2023-006
This module enables you to add social sharing buttons to a site. The module doesn't sufficiently sanitize the weight and ratio values entered in the module or block configuration. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...
Croogo vulnerable to XSS in title field
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
GHSA-Q4H5-G3W8-F9X7 Subrion CMS vulnerable to CSRF in admin/blocks/add
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...
Access Restriction Bypass
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Access Restriction Bypass due to front-end restrictions. Random users can self-register even when the admin does not allow it. Remediation Upgrade...
Subrion CMS Code Issue Vulnerability
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A security vulnerability exists in the admin/blocks.php file in Subrion CMS 4.2.1 and earlier versions. An attacker ca...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04653)
Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site request forgery vulnerability exists in admin/blocks/add/URI in Subrion CMS version 4.0.5. An...
Cross site request forgery (csrf)
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...
Manx cms.xml 1.0.1 Multiple HTTP Response Splitting Vulnerabilities
Summary Manx is a Content Management System that uses xml text files to store the page contents, instead of a mysql database. Description Input passed to the POST parameter 'editorChoice' in 'adminblocks.php' and 'adminpages.php' and the POST parameter 'theme' in 'admincss.php', 'adminjs.php' and...