CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

PT-2026-1118

Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog, an open source website building system, contains a stored cross-site scripting issue. The issue is present in the Resource media library function when publishing an article. The Resource media library...

EUVD-2020-13722

Malware in sbrugna...

EUVD-2025-8716

Malicious code in bioql PyPI...

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

The Scratch Channel 输入验证错误漏洞

The Scratch Channel is a project site of The Scratch Channel open source. An input validation error vulnerability exists in The Scratch Channel versions 1 and 1.1, which stems from insufficient validation of article publishing endpoint permissions, and could lead to unauthorized publishing of...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?=container=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The...

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

Cross site scripting

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

PT-2024-20909 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.2.8 Description: The issue is related to a Stored XSS vulnerability in the article publishing feature, caused by the non-filtering of quoted content. Recommendations: For Emlog Pro version 2.2.8, update to a newer version...

CVE-2024-25381

CVE-2024-25381 : A stored XSS vulnerability exists in Emlog Pro 2.2.8 Article Publishing due to non-filtering of quoted content. Affected component: article publishing feature in Emlog Pro 2.2.8. Root cause: input containing quoted content is not properly sanitized, enabling injection of script t...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting XSS. The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...