46 matches found

CVE
added 2019/06/20 3:46 p.m. | 114 views

CVE-2018-16248

CVE-2018-16248 affects b3log Solo 2.9.3. An XSS flaw exists in the Input page under the “Publish Articles” menu, where the articleTags field stored in the tag JSON enables an admin-authenticated HTTP request to inject arbitrary scripts via a crafted site name. The vulnerability is caused by insuf...

6.1 CVSS | 5.9 AI score | 0.00208 EPSS
Exploits 1 | References 1 | Affected Software 1
NVD
added 2019/06/20 2:15 p.m. | 19 views

CVE-2018-16249

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated us...

4.8 CVSS | 4.8 AI score | 0.0034 EPSS
Exploits 1 | References 1
Prion
added 2019/06/20 2:15 p.m. | 14 views

Code injection

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated us...

3.5 CVSS | 4.8 AI score | 0.0034 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/06/20 1:54 p.m. | 22 views

CVE-2018-16249

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated us...

4.8 AI score | 0.0034 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2014/03/02 5:55 p.m. | 2 views

CVE-2014-2091

Cross-site scripting (XSS) vulnerability in mods/standard/forums/admin/forumadd.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an addforum action. NOTE: the original disclosure also reported issues that may not cross...

3.5 CVSS | 5.6 AI score | 0.00518 EPSS
Exploits 1 | References 3
Cvelist
added 2010/06/25 7:0 p.m. | 16 views

CVE-2009-4908

Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...

5.5 AI score | 0.02646 EPSS
Exploits 1 | References 4