3656 matches found
CVE-2025-10434
A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an unknown function of the file /admin/article.php?a=mod of the component Add Article Page. The manipulation of the argument Title leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-10434 IbuyuCMS Add Article article.php cross site scripting
A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an unknown function of the file /admin/article.php?a=mod of the component Add Article Page. The manipulation of the argument Title leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-10434
IbuyuCMS up to version 2.6.3 is affected by a cross-site scripting (XSS) vulnerability in the Add Article Page component, specifically via manipulation of the Title argument in /admin/article.php?a=mod. The issue enables remote exploitation and an exploit is publicly available. Remediation: upgra...
PT-2025-37460
Name of the Vulnerable Software and Affected Versions: IbuyuCMS versions up to 2.6.3 Description: A vulnerability exists in IbuyuCMS that allows for cross site scripting. The issue is located in the Add Article Page component, specifically within the file /admin/article.php?a=mod. Manipulation of...
IbuyuCMS Code Injection Vulnerability
IbuyuCMS is an open-source content management system. A code injection vulnerability exists in IbuyuCMS 2.6.3 and earlier versions, which stems from incorrect manipulation of the parameter Title in the file /admin/article.php, and may lead to cross-site scripting attacks...
CVE-2025-10105
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-10211 yanyutao0402 ChanCMS getArticle CollectController server-side request forgery
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10211
ChanCMS 3.3.0 contains a server-side request forgery in the CollectController, triggered by manipulating the taskUrl parameter in /cms/collect/getArticle. The issue allows remote attackers to make arbitrary requests from the server. Public disclosures and a Nuclei template detail this SSRF, descr...
Linux Distros Unpatched Vulnerability : CVE-2022-3501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Article template contents with sensitive data could be accessed from agents without permissions. CVE-2022-3501 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2024-53620
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via...
Linux Distros Unpatched Vulnerability : CVE-2021-38602
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. CVE-2021-38602 Note that Nessus relies on the presence of the package as reported by the...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
CVE-2025-9406
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...
CVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
Incorrect Authorization
Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization in the page and article edit fields. An attacker can modify content without...
CVE-2025-57759 Contao has improper privilege management for page and article fields
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...