51 matches found
CVE-2025-51487
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...
CVE-2025-54174
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54174
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54174 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54174
CVE-2025-54174 concerns QuickCMS: a Cross-Site Request Forgery in the article creation flow. An attacker could lure an admin to a crafted site, triggering a POST to create a malicious article with attacker-defined content. Documented impact is limited to the described CSRF behavior; exploitation ...
CVE-2025-54174 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
PT-2025-34051
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an...
CVE-2025-51489
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...
CVE-2025-51487
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...
CVE-2025-51489
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...
CVE-2025-51487
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...
CVE-2025-51489
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...
CVE-2025-51487
CVE-2025-51487 describes a Stored XSS in MoonShine that affects versions older than 3.12.5. An attacker can inject a javascript: payload via the CutCode Link parameter when creating/updating an Article, leading to arbitrary JavaScript execution in the victim’s browser. Affected software: MoonShin...
CVE-2017-1001001
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges...
GHSA-H75C-F2XX-9VXV OpenCMS Cross-Site Scripting vulnerability
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...
GHSA-7M3W-M5G3-CC88 OpenCMS cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
CVE-2024-54774
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in the /admin/articles/create endpoint. The root cause is the lack of effective filtering and escaping of user-supplied data, enabling an attacker to inject and execute arbitrary web script or HTML. Public references in mu...
FeehiCMS 跨站脚本漏洞
FeehiCMS is a Php-based CMS website builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1, which stems from a vulnerability that allows remote attackers to run arbitrary code through the title field of the create article page...
PT-2022-25160 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1 Description: The issue allows remote attackers to run arbitrary code via the title field of the create article page. This is a Cross Site Scripting XSS issue, which means an attacker can inject malicious scripts into th...
langhsu mblog 跨站请求伪造漏洞
langhsu mblog is langhsu open source an application system . Open source Java blog system , support for multi-user , support for switching themes . langhsu mblog 3.5.0 and its previous versions exist cross-site request forgery vulnerability , the vulnerability stems from the lack of background...