48 matches found
CI4MS Cross-Site Scripting Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user input when creating or editing blog articles in the category section, which could lea...
Raytha CMS Cross-Site Scripting Vulnerability
Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the FieldValues1.Value parameter in the article editing function, which allowed for stored...
CVE-2020-10494
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request...
CVE-2026-21429
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
EUVD-2020-2949
Malware in sbrugna...
EUVD-2020-2947
Malware in sbrugna...
EUVD-2021-25042
Malware in sbrugna...
EUVD-2024-53602
Malicious code in bioql PyPI...
EUVD-2023-55968
Malicious code in bioql PyPI...
EUVD-2023-33180
Malicious code in bioql PyPI...
EUVD-2024-20246
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-38602
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. (CVE-2021-38602) Note that Nessus relies on the presence of the package as reported by the...
Cross-site Scripting (XSS)
Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of journalEditArticleDisplayContext.getBackURL when editing articles. An attacker can execute arbitrary JavaScript code in the context of...
CVE-2024-22714
Stupid Simple CMS =1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content...
CVE-2023-29639
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString...
CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content...
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell cod...
CVE-2020-10496
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...