CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

Alkacon OpenCMS 跨站脚本漏洞

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from improper input validation of the text parameter when sending a POST request to...

PT-2025-39819

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description A stored HTML injection issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request with malicious content in the subject parameter to the ''/knoewled...

CVE-2025-57805

CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

paicoding 安全漏洞

paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding version 1.0.3, which stems from improper authorization due to misuse of the parameter articleId in the file /article/api/post...

PT-2024-31274 · Rapidcms · Rapidcms

Name of the Vulnerable Software and Affected Versions: RapidCMS version 1.3.1 Description: A SQL injection issue was discovered via the articleid parameter at the "/default/article.php" API endpoint. This allows for potential exploitation. Recommendations: For RapidCMS version 1.3.1, consider...

PT-2023-32765 · Thecosy · Thecosy Icecms

Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS version 2.0.1 Description: A critical vulnerability was found in Thecosy IceCMS, affecting an unknown function of the file /article/DelectArticleById/ of the component Article Handler. This issue leads to permission problems an...

PT-2023-22586 · Douphp · Douphp

Name of the Vulnerable Software and Affected Versions: DouPHP version 1.7 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique id parameter in "/admin/article.php". This enables attackers to...