
21 matches found

Cvelist
added 2026/04/13 6:10 p.m. | 13 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVSS 7.2 | EPSS 0.00037
Exploits: 1 | References: 2

Cvelist
added 2026/02/22 1:02 p.m. | 22 views

CVE-2026-2946 rymcu forest Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting...

CVSS 5.1 | EPSS 0.00036
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/22 1:02 p.m. | 4 views

CVE-2026-2946

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting...

CVSS 5.1 | AI score 3.5 | EPSS 0.00036
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/19 4:27 p.m. | 1 view

UBUNTU-CVE-2025-71242

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-7427

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00206
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-51287

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 4 | EPSS 0.00111
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-1025

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00141
Exploits: 0 | References: 4

CVE
added 2024/12/30 12:31 a.m. | 54 views

CVE-2024-13031

CVE-2024-13031 affects Antabot White-Jotter up to version 0.2.2. Affected component: /admin/content/editor in the Article Content Editor. Root cause: cross-site scripting due to an issue in the editor’s handling, enabling remote exploitation. The vulnerability is publicly disclosed and can be...

CVSS 5.1 | AI score 3.5 | EPSS 0.00111
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/12/30 12:31 a.m. | 17 views

CVE-2024-13031 Antabot White-Jotter Article Content Editor editor cross site scripting

A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Th...

CVSS 5.1 | EPSS 0.00111
Exploits: 1 | References: 4

NVD
added 2024/06/18 7:16 p.m. | 14 views

CVE-2024-37791

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?classid...

CVSS 6 | EPSS 0.02692
Exploits: 1 | References: 2

OSV
added 2024/06/18 7:16 p.m. | 2 views

CVE-2024-37791

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?classid...

CVSS 6 | AI score 5.8 | EPSS 0.02692
Exploits: 1 | References: 2

CNNVD
added 2024/06/18 12:00 a.m. | 2 views

DuxCMS SQL Injection Vulnerability

DuxCMS is an open source content management system. A SQL injection vulnerability exists in DuxCMS version v3.1.3, originating from the keyword parameter in /article/Content/index?classid...

CVSS 6 | AI score 8 | EPSS 0.02692
Exploits: 1 | References: 3

Positive Technologies
added 2024/06/18 12:00 a.m. | 3 views

PT-2024-27753 · Duxcms3 · Duxcms3

Name of the Vulnerable Software and Affected Versions: DuxCMS3 version 3.1.3
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the keyword parameter at the "/article/Content/index?classid" API endpoint.
Recommendations: For DuxCMS3 versio...

CVSS 6 | AI score 7.4 | EPSS 0.02692
Exploits: 1 | References: 4

Veracode
added 2024/03/22 8:33 a.m. | 9 views

File Validation Bypass

ezsystems/ezplatform-kernel is vulnerable to File Validation Bypass. The vulnerability is due to improper file validation, which allows an attacker to save article content even if it is rejected during validation...

AI score 7
Exploits: 0

Prion
added 2024/01/17 6:15 p.m. | 13 views

Cross site scripting

Stupid Simple CMS =1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content...

CVSS 5.8 | AI score 6.2 | EPSS 0.0009
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2023/07/31 2:15 p.m. | 6 views

CVE-2020-21881

Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...

CVSS 6.5 | AI score 6.6 | EPSS 0.00061
Exploits: 1 | References: 1

CNNVD
added 2023/07/31 12:00 a.m. | 2 views

DuxCMS Cross-Site Request Forgery Vulnerability

DuxCMS is an open source content management system. A cross-site request forgery vulnerability exists in DuxCMS version 2.1, which originates from admin.php that allows remote attackers to modify application data via article/admin/content/add...

CVSS 6.5 | AI score 6.4 | EPSS 0.00061
Exploits: 1 | References: 2

ATTACKERKB
added 2023/05/19 1:15 p.m. | 1 view

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...

CVSS 5.4 | AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 2

Vulnrichment
added 2023/05/19 12:00 a.m. | 7 views

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...

AI score 6.4 | EPSS 0.00285
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 5:36 a.m. | 2 views

SUSE CVE-2013-4138

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 3