CVE-2026-3041

A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cro...

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-2825

CVE-2026-2825 affects WeRSS we-mp-rss up to 1.4.8, specifically the Article Module’s tools/fix.py fix_html function. The vulnerability enables cross-site scripting (XSS) via manipulated input, with remote initiation possible. The exploit has been disclosed publicly. The provided documents do not ...

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

WeRSS 代码注入漏洞

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier had a code injection vulnerability. This vulnerability originated from a cross-site scripting issue in the fixhtml function within the Article Module component’s files in tools/fix.py...

PT-2026-21001

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

EUVD-2012-5793

Malware in sbrugna...

EUVD-2020-17693

Malware in sbrugna...

EUVD-2024-52013

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-53620

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via...

CVE-2023-0243

A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

CVE-2020-24993

There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...

UBUNTU-CVE-2024-53620

A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

CVE-2024-53620

Removed by vendor...

SPIP 安全漏洞

SPIP is a free software for creating Internet sites from SPIP Open Source. A security vulnerability exists in SPIP v4.3.3, which originates from a cross-site scripting vulnerability in the Article module...

CVE-2024-53620

SPIP 4.3.3 Article module vulnerable to XSS: authenticated users can inject a payload into the Title parameter to trigger cross-site scripting. The issue affects SPIP v4.3.3 with the Article module; underlying cause is an XSS in Title handling. Exploitation is not described as active in the provi...

PT-2024-35795 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: A cross-site scripting XSS vulnerability in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. This...