
3656 matches found

Cvelist
added 2025/09/30 10:5 a.m., 6 views

CVE-2025-8121 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

8.7 CVSS, 0.00277 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/09/30 10:5 a.m., 2 views

CVE-2025-8121 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

8.7 CVSS, 7.6 AI score, 0.00277 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/30 9:38 a.m., 6 views

CVE-2025-10346

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

6.1 CVSS, 7 AI score, 0.00177 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/30 12:0 a.m., 3 views

Polska Akademia Dostępności CMS SQL injection vulnerability

Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. Polska Akademia Dostępności CMS suffers from a SQL injection vulnerability that stems from improper neutralization of authorized user input in the article locator feature, whic...

10 CVSS, 7.4 AI score, 0.0057 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/30 12:0 a.m., 3 views

Polska Akademia Dostępności CMS SQL injection vulnerability

Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. Polska Akademia Dostępności CMS suffers from an SQL injection vulnerability that stems from improperly neutralized inputs to the article locator function, which could lead to a...

10 CVSS, 7.4 AI score, 0.0057 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/09/30 12:0 a.m., 2 views

PT-2025-40031

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.8; Liferay Portal 7.4 GA through update 92; older unsupported versions. Description: The software...

4.8 CVSS, 5.6 AI score, 0.00193 EPSS
Exploits 0, References 9

Positive Technologies
added 2025/09/30 12:0 a.m., 3 views

PT-2025-39970

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The issue involves improper neutralization of input provided by an authorized user within the article positioning functionality, leading to potential Blind SQL...

10 CVSS, 7.2 AI score, 0.0057 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/09/30 12:0 a.m., 2 views

PT-2025-39971

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The issue involves improper neutralization of input provided by an authorized user in the article positioning functionality, leading to Blind SQL Injection...

10 CVSS, 7.2 AI score, 0.0057 EPSS
Exploits 0, References 5

NVD
added 2025/09/29 9:15 a.m., 2 views

CVE-2025-10346

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

6.1 CVSS, 0.00177 EPSS
Exploits 0, References 1

CVE
added 2025/09/29 8:43 a.m., 13 views

CVE-2025-10346

CVE-2025-10346 affects Perfex CRM v3.2.1 with a stored HTML injection in the knowledge_base/article endpoint. The vulnerability arises from insufficient input validation of the subject parameter, allowing an attacker to inject arbitrary HTML via a POST request. Multiple sources corroborate this: ...

6.1 CVSS, 6.7 AI score, 0.00177 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/09/29 8:43 a.m., 8 views

CVE-2025-10346 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledgebase/article'...

5.3 CVSS, 0.00177 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/29 12:0 a.m., 1 view

Perfex CRM cross-site scripting vulnerability

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

6.1 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39819

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.2.1. Description: A stored HTML injection issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request with malicious content in the subject parameter to the ''/knoewled...

6.1 CVSS, 6.8 AI score, 0.00177 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/09/19 7:23 p.m., 2 views

CVE-2025-59416

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2 CVSS, 6.8 AI score, 0.00268 EPSS
Exploits 0, References 1

HackRead
added 2025/09/18 10:57 p.m., 3 views

How Enterprise SEO Solutions Improve Brand Authority

Now, especially in a very competitive environment, it is essential to make your name shine. Enterprise SEO solutions…...

7 AI score
Exploits 0

NVD
added 2025/09/17 7:15 p.m., 2 views

CVE-2025-59416

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2 CVSS, 0.00268 EPSS
Exploits 0, References 1

CVE
added 2025/09/17 6:52 p.m., 10 views

CVE-2025-59416

CVE-2025-59416 affects The Scratch Channel web application. The vulnerability arises from the API’s POST handling, which can be abused by a user with fork privileges to alter administrators and publish articles without proper permission checks. This could allow arbitrary article creation and admi...

7.2 CVSS, 6.4 AI score, 0.00268 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/09/17 6:52 p.m., 1 view

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

7.2 CVSS, 6.4 AI score, 0.00268 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/17 8:49 a.m., 11 views

CVE-2025-10434

A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an unknown function of the file /admin/article.php?a=mod of the component Add Article Page. The manipulation of the argument Title leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...

4.8 CVSS, 5.4 AI score, 0.00246 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/17 12:0 a.m., 1 view

The Scratch Channel security vulnerability

The Scratch Channel is a project site of The Scratch Channel open source. A security vulnerability exists in versions of The Scratch Channel prior to 1.2, which stems from the API's failure to validate user permissions when using a POST request, which could lead to arbitrary article creation and...

7.2 CVSS, 6.6 AI score, 0.00268 EPSS
Exploits 0, References 1