PT-2025-51949

Name of the Vulnerable Software and Affected Versions Textpattern CMS version 4.8.8 Description Textpattern CMS contains a stored cross-site scripting issue in the article excerpt field. Authenticated users can inject malicious scripts into the excerpt. When an article is viewed by other users, t...

Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026

Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire...

What Happens Inside PDFAid in Seconds: From Upload to Download

Disclosure: This article was submitted by PDFAid for publication...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64049

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

CVE-2025-64049

CVE-2025-64049 describes a stored XSS in REDAXO CMS 5.20.0, specifically in the module management component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Output code field in modules; the payload executes when a user views or edits an article that inclu...

EUVD-2025-198986

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CGGMP21 presignatures can be used in the way that significantly reduces security

This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...

CVE-2025-64048

Affected software/component: YCCMS 3.4, specifically the article management functionality in ArticleAction.class.php. Vulnerability: Stored cross-site scripting (XSS) in the article title input. The root cause is improper neutralization/validation of user-supplied data in the add() and getPost() ...

Yccms 安全漏洞

Yccms is a lightweight Php-based CMS builder by Yccms team. A security vulnerability exists in Yccms version 3.4, which stems from improper neutralization of article title field input by the add and getPost functions in the ArticleAction.class.php file, which could lead to a stored cross-site...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

PT-2025-47955

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

Exploit for CVE-2025-64049

CVE-Disclosures Welcome to the CVE disclosures section of thi...

2025-11 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5068840)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information...

CVE-2025-12330

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the "edit Knowledge Base" article page. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload into an attachment's filename. Details Cross-site scripting or XSS is a code...

GHSA-GCCF-R9XP-X8JX Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page

Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...