Lucene search
+L

51 matches found

RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.23 views

CVE-2025-51487

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

4.5CVSS5.8AI score0.00401EPSS
Exploits2References1
OSV
OSV
added 2025/08/20 1:15 p.m.6 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2025/08/20 1:15 p.m.11 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 12:53 p.m.2 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS7AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2025/08/20 12:53 p.m.25 views

CVE-2025-54174

CVE-2025-54174 concerns QuickCMS: a Cross-Site Request Forgery in the article creation flow. An attacker could lure an admin to a crafted site, triggering a POST to create a malicious article with attacker-defined content. Documented impact is limited to the described CSRF behavior; exploitation ...

5.1CVSS7AI score0.0018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/08/20 12:53 p.m.13 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34051

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an...

5.1CVSS6.4AI score0.0018EPSS
Exploits0References7
NVD
NVD
added 2025/08/19 3:15 p.m.11 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

5.4CVSS0.0032EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/08/19 12:0 a.m.4 views

CVE-2025-51487

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

5.3AI score0.00401EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/08/19 12:0 a.m.13 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

0.0032EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/08/19 12:0 a.m.13 views

CVE-2025-51487

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

0.00401EPSS
Exploits2References2
OSV
OSV
added 2025/08/19 12:0 a.m.7 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

4.5CVSS5.9AI score0.0032EPSS
Exploits2References4
CVE
CVE
added 2025/08/19 12:0 a.m.28 views

CVE-2025-51487

CVE-2025-51487 describes a Stored XSS in MoonShine that affects versions older than 3.12.5. An attacker can inject a javascript: payload via the CutCode Link parameter when creating/updating an Article, leading to arbitrary JavaScript execution in the victim’s browser. Affected software: MoonShin...

4.5CVSS5.3AI score0.00401EPSS
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 a.m.7 views

CVE-2017-1001001

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges...

5.4CVSS6.2AI score0.00643EPSS
Exploits0References1
OSV
OSV
added 2025/04/21 3:31 p.m.3 views

GHSA-H75C-F2XX-9VXV OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

5.1CVSS5.9AI score0.00312EPSS
Exploits1References3
OSV
OSV
added 2025/04/21 3:31 p.m.52 views

GHSA-7M3W-M5G3-CC88 OpenCMS cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS6AI score0.00228EPSS
Exploits1References4
CVE
CVE
added 2024/12/27 12:0 a.m.55 views

CVE-2024-54774

Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in the /admin/articles/create endpoint. The root cause is the lack of effective filtering and escaping of user-supplied data, enabling an attacker to inject and execute arbitrary web script or HTML. Public references in mu...

4.8CVSS5.8AI score0.00315EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.4 views

FeehiCMS 跨站脚本漏洞

FeehiCMS is a Php-based CMS website builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1, which stems from a vulnerability that allows remote attackers to run arbitrary code through the title field of the create article page...

5.4CVSS6.1AI score0.00506EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.5 views

PT-2022-25160 · Feehicms · Feehicms

Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1 Description: The issue allows remote attackers to run arbitrary code via the title field of the create article page. This is a Cross Site Scripting XSS issue, which means an attacker can inject malicious scripts into th...

5.4CVSS5.7AI score0.00506EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.7 views

langhsu mblog 跨站请求伪造漏洞

langhsu mblog is langhsu open source an application system . Open source Java blog system , support for multi-user , support for switching themes . langhsu mblog 3.5.0 and its previous versions exist cross-site request forgery vulnerability , the vulnerability stems from the lack of background...

4.3CVSS5.1AI score0.00355EPSS
Exploits1References2
Rows per page
Query Builder