26 matches found
CVE-2025-70129
If the anti-spam captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated for articles in a format that can be recognized automatically, so an automated script can trivially solve this anti-spam mechanism and publish spam comments. T...
EUVD-2021-17159
Malware in sbrugna...
CVE-2021-30227
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0...
PT-2025-15278 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under a comment for an Article. Recommendations: For Typecho...
PT-2024-34419 · Unknown · Hopetree Izone Lts
Name of the Vulnerable Software and Affected Versions: hopetree izone lts version c011b48. Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the article comment function. Specifically, the AddCommintView function in appscommentviews.py does not securely filter user...
CVE-2023-36222
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...
CVE-2020-19294
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section...
Jeesns Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the article comment section...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0...
Cross site scripting
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/manage-comments.php, via the GET parameter cmt...
XSS Vulnerability in JEESNS Article Comments
JEESNS is an open source social management system developed on JAVA's enterprise-class platform. JEESNS article comments have an XSS vulnerability; an attacker can use the vulnerability to inject arbitrary Web script or HTML...
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...
Mail.ru: Persistent XSS in afisha.mail.ru
Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...
oBlog Persistant XSS, CSRF, Admin Bruteforce
No description provided by source. Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic...
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force. Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip...