23 matches found
EUVD-2021-12667
Malware in sbrugna...
EUVD-2025-12368
Malicious code in bioql PyPI...
CVE-2024-39174
A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
Cross-Site Scripting (XSS)
org.opencms, opencms-core is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input sanitization in the Create/Modify article function, allowing JavaScript injection via the image title sub-field...
Cross-site Scripting (XSS)
org.opencms, opencms-core is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper handling of the author parameter under the Create/Modify article function, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
PT-2025-17444 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
PT-2025-17320 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-13202
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...
PT-2024-28378 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: yzmcms version 7.1 Description: A cross-site scripting XSS vulnerability in the Publish Article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. Recommendations: For...
CVE-2023-43267
A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...
Cross-site Scripting
terrylinooo/githuber-md is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization, allows attacker to execute arbitrary code via a crafted payload to the new article function...
CVE-2023-41423
Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function...
CVE-2023-41423
Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function...
Cross-Site Scripting (XSS)
github.com/mlogclub/bbs-go is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser via a crafted payload to the comment...
CVE-2023-36222
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...
CVE-2023-36222
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...