
3661 matches found

ATTACKERKB
added 2026/02/19 8:38 a.m. | 4 views

CVE-2026-2735

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.1 CVSS | 5.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/19 8:38 a.m. | 4 views

CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.1 CVSS | 5.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/19 1:28 a.m. | 7 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.4 CVSS | 3.9 AI score | 0.00256 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/02/19 12:0 a.m. | 6 views

Alkacon OpenCMS cross-site scripting vulnerability

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from improper input validation of the text parameter when sending a POST request to...

5.4 CVSS | 5.6 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/18 1:41 a.m. | 7 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

7.2 CVSS | 5.9 AI score | 0.00336 EPSS
Exploits: 1 | References: 1

NVD
added 2026/02/17 9:22 p.m. | 6 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.4 CVSS | 0.00256 EPSS
Exploits: 1 | References: 4

OSV
added 2026/02/17 9:22 p.m. | 8 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.4 CVSS | 4.1 AI score | 0.00256 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/02/17 8:32 p.m. | 29 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.1 CVSS | 0.00256 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/17 8:32 p.m. | 4 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

5.1 CVSS | 3.9 AI score | 0.00256 EPSS
Exploits: 1 | References: 4

CVE
added 2026/02/17 8:32 p.m. | 21 views

CVE-2026-2622

Blossom Backend ≤ 1.17.1 contains a cross‑site scripting vulnerability in the Article Title Handler. The issue affects the ArticleController.java component (content manipulation in that file), allowing a remote attacker to trigger XSS. The exploit is public and can be used; vendor has not respond...

5.4 CVSS | 3.6 AI score | 0.00256 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/17 4:20 p.m. | 4 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

7.2 CVSS | 6 AI score
Exploits: 0 | References: 2

NVD
added 2026/02/17 4:20 p.m. | 5 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

7.2 CVSS | 0.00336 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/17 12:0 a.m. | 13 views

PT-2026-20340

Name of the Vulnerable Software and Affected Versions: Blossom versions up to 1.17.1. Description: A flaw exists in Blossom that allows for cross site scripting. The issue is located within the Article Title Handler component, specifically in the ArticleController.java file and its content function...

5.1 CVSS | 3.9 AI score | 0.00256 EPSS
Exploits: 1 | References: 7

Cvelist
added 2026/02/17 12:0 a.m. | 28 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

0.00336 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/02/17 12:0 a.m. | 9 views

Blossom code injection vulnerability

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom 1.17.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the content function in the file...

5.4 CVSS | 5.7 AI score | 0.00256 EPSS
Exploits: 1 | References: 4

CVE
added 2026/02/17 12:0 a.m. | 12 views

CVE-2025-70397

CVE-2025-70397 affects jizhicms 2.5.6. The vulnerability is a SQL Injection in two endpoints, Article/deleteAll and Extmolds/deleteAll, exploitable via the data parameter. Connected sources confirm the affected software and endpoints and mention a fix/update path in vendor advisories; no exploit ...

7.2 CVSS | 5.9 AI score | 0.00336 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2026/02/17 12:0 a.m. | 12 views

JIZHICMS (极致CMS) security vulnerability

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.6 of JIZHICMS contains a security vulnerability. This vulnerability arises from the lack of validation for the data parameters in functions like Article/deleteAll and Extmolds/deleteAll, whic...

7.2 CVSS | 5.9 AI score | 0.00336 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/17 12:0 a.m. | 6 views

PT-2026-20264

Name of the Vulnerable Software and Affected Versions: jizhicms version 2.5.6. Description: The software contains a SQL Injection issue in the 'Article/deleteAll' and 'Extmolds/deleteAll' functionalities. The issue is triggered through the data parameter. Recommendations: Update to a newer version th...

7.2 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits: 1 | References: 6

Vulnrichment
added 2026/02/17 12:0 a.m. | 5 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

5.9 AI score | 0.00336 EPSS
Exploits: 1 | References: 2

CNNVD
added 2026/02/14 12:0 a.m. | 7 views

WordPress plugin WP Last Modified Info security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS | 5.9 AI score | 0.00227 EPSS
Exploits: 0 | References: 5