18 matches found
EUVD-2018-5366
Malware in sbrugna...
CVE-2025-2043
A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /adminthemes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely...
CVE-2025-1113
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /adminthemes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been...
PT-2025-6008 · Unknown · Taisan Tarzan-Cms
Name of the Vulnerable Software and Affected Versions: taisan tarzan-cms versions up to 1.0.0 Description: This issue affects the function upload of the file "/adminthemes" of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely...
CVE-2024-10479
A vulnerability, which was classified as problematic, was found in LinZhaoguan pb-cms up to 2.0.1. Affected is an unknown function of the file /adminthemes of the component Theme Management Module. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...
pb-cms Cross-Site Scripting Vulnerability
pb-cms (waterfall content management system) is a content management system by the individual developer LinZhaoguan. A cross-site scripting vulnerability exists in pb-cms versions prior to 2.0.1, which stems from the component Theme Management Module's file /adminthemes that can lead to cross-site...
PT-2024-16307 · Linzhaoguan · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms versions up to 2.0.1 Description: A problematic issue was found in the Theme Management Module of the affected software, specifically in an unknown function of the file /adminthemes. This issue leads to cross-site scripting...
GHSA-X3G3-JH26-76CF Cross-site Scripting in livehelperchat
LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration...
Cross-site Scripting in livehelperchat
LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration...
Cross-site Scripting (XSS)
livehelperchat is vulnerable to cross site scripting. The vulnerability exists due to a lack of validation in the Name field in the Admin themes of System configuration allowing an attacker to input maliciously crafted code...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1. Login then go to Setting - Live help configuration tab 2. Click on Admin themes in Visual settings for the admin sectio...
PT-2022-13136 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: LiveHelperChat versions prior to 3.93v Description: The issue is related to a Stored Cross-site Scripting (XSS) vulnerability. It affects the Name field in the Admin themes of System configuration, allowing for potential malicious script...
Gila CMS Cross-Site Request Forgery Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in Gila CMS versions prior to 1.11.6. An attacker can exploit this vulnerability to take control of the administrator account with the help of the admin/themes URI...
CVE-2019-20804
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account...
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zenbreadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the...
Omeka Cross-Site Scripting Vulnerability
Omeka is a set of Web publishing platforms for exhibiting libraries, museums, archives, and academic collections developed by the Omeka team at the Roy Rosenzweig Center for History and New Media (Roy Rosenzweig CHNM) at George Mason University (USA). A cross-site scripting vulnerability exists in th...
LimeSurvey Theme Uninstallation Cross-Site Request Forgery Vulnerability
LimeSurvey (formerly known as PHPSurveyor) is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. Theme Uninstallation is one of the Theme Uninstallation components. A cross-site request...
Zomplog <= 3.8.2 (newuser.php) Arbitrary Add Admin Exploit
Exploit for unknown platform in category web applications ========================================================== Zomplog Add admin "Add Admin" /-- Blog title "Blog Title" Login "Username" Password "Password" Repeat password "Confirm...