
18 matches found

NVD
added 2026/02/17 9:22 p.m. · 4 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.4 CVSS · 0.00013 EPSS
Exploits: 1 · References: 4

Cvelist
added 2026/02/17 8:32 p.m. · 23 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.1 CVSS · 0.00013 EPSS
Exploits: 1 · References: 4

CVE
added 2026/02/17 8:32 p.m. · 6 views

CVE-2026-2622

Blossom Backend ≤ 1.17.1 contains a cross‑site scripting vulnerability in the Article Title Handler. The issue affects the ArticleController.java component (content manipulation in that file), allowing a remote attacker to trigger XSS. The exploit is public and can be used; vendor has not respond...

5.4 CVSS · 3.6 AI score · 0.00013 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2026/02/17 8:32 p.m. · 3 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.1 CVSS · 3.9 AI score · 0.00013 EPSS
Exploits: 1 · References: 4

CNNVD
added 2026/02/17 12:0 a.m. · 4 views

Blossom Code Injection Vulnerability

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom 1.17.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the content function in the file...

5.4 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25656

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00101 EPSS
Exploits: 1 · References: 5

RedhatCVE
added 2025/08/30 6:20 p.m. · 1 views

CVE-2025-9406

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

9.8 CVSS · 6.4 AI score · 0.00101 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/25 4:15 a.m. · 2 views

CVE-2025-9406

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

9.8 CVSS · 6.9 AI score
Exploits: 0 · References: 5

Cvelist
added 2025/08/25 3:32 a.m. · 6 views

CVE-2025-9406 xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

6.5 CVSS · 0.00101 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34592 · Unknown · Xuhuisheng Lemon

Name of the Vulnerable Software and Affected Versions: xuhuisheng lemon versions through 1.13.0
Description: A weakness exists in xuhuisheng lemon up to version 1.13.0. This issue affects the uploadImage function within the CmsArticleController.java file, specifically in the...

6.5 CVSS · 6.3 AI score · 0.00101 EPSS
Exploits: 1 · References: 8

RedhatCVE
added 2025/05/23 5:39 a.m. · 2 views

CVE-2023-0243

A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

9.8 CVSS · 8 AI score · 0.00297 EPSS
Exploits: 1 · References: 1

OSV
added 2023/01/12 3:15 p.m. · 0 views

CVE-2023-0243

A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

9.8 CVSS · 6.5 AI score
Exploits: 0 · References: 3

CNVD
added 2018/12/06 12:0 a.m. · 2 views

ThinkCMF SQL Injection Vulnerability

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...

8.8 CVSS · 7.9 AI score · 0.0034 EPSS
Exploits: 1 · References: 1

CNVD
added 2017/11/26 12:0 a.m. · 1 views

SQL Injection Vulnerability in JYmusic ArticleController.php Page

JYmusic is an open source cross-platform music management system. A SQL injection vulnerability exists in the JYmusic ArticleController.php page, allowing attackers to exploit the vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0

OSV
added 2017/07/18 5:29 a.m. · 1 views

CVE-2017-11413

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $_GET['id']...

9.8 CVSS · 5.8 AI score · 0.00271 EPSS
Exploits: 0 · References: 1

CNVD
added 2016/10/17 12:0 a.m. · 1 views

SQL Injection Vulnerability in DBSHOP_0.9.3_Beta Frontend

DBShop is an open source e-commerce online store system developed using ZendFramework. DBSHOP_0.9.3_Beta has a front-end SQL injection vulnerability. In /module/Shopfront/src/Shopfront/Controller/ArticleController.php, the id parameter is spliced into infoArticle without quotation mark filtering,...

8 AI score
Exploits: 0 · References: 1

myhack58
added 2015/03/10 12:0 a.m. · 12 views

Mao10CMS SQL injection-vulnerability warning-the black bar safety net

Vulnerability file: Application\Article\Controller\IndexController.class.php code area public function tag$tag,$page=1 ifisnumeric$page //Pass reference filter $condition'type' = 'article'; $date = strtotime"now"; $argsid = M'meta'-where "metakey='tag' AND metavalue='$tag' AND...

0.8 AI score
Exploits: 0

seebug.org
added 2015/01/30 12:0 a.m. · 10 views

eduwind 1.6.3 /protected/modules/cms/controllers/ArticleController.php SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0