1746 matches found
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-24388
A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allow parameter injection due to for an autheniticated agent or admin user. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS 2025.X OTRS Community Edition: 6.0.x Products based on the OTRS...
GHSA-7PR5-W74R-JJJ7 Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050
CVE-2025-6050 affects Mezzanine CMS versions before 6.1.1. The vulnerability is a Stored XSS in the admin interface caused by improper sanitization in the displayable_links_js path, where a blog post title containing malicious JavaScript is included in JSON responses served at /admin/displayable_...
CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
PT-2025-25643 · Unknown · Mezzanine Cms
Name of the Vulnerable Software and Affected Versions: Mezzanine CMS versions prior to 6.1.1 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability in the admin interface. It exists in the displayable links js function, which fails to properly sanitize blog post titles before...
CVE-2025-24388
A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allow parameter injection due to for an autheniticated agent or admin user. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS 2025.X OTRS Community Edition: 6.0.x Products based on the OTRS...
PT-2025-25548 · Otrs +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS versions prior to 8 OTRS Community Edition version 6.0.x Description: A vulnerability in the OTRS Admin Interface and Agent Interface allows parameter injection for an authenticated agent or admin user. This issue affects several version...
Curfew e-Pass Management System /admin/view-pass-detail.php File SQL Injection Vulnerability
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter viewid in file /admin/view-pass-detail.php. An...
Complaint Management System /admin/edit-subcategory.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter subcategory in the file /admin/edit-subcategory.php. An attacker can...
Employee Record Management System /admin/allemployees.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/allemployees.php. An...
CVE-2025-5778
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...