3656 matches found

CVE
added 2025/08/25 12:00 a.m. · 13 views

CVE-2025-55409

CVE-2025-55409 concerns FoxCMS 1.2.6, which has a Cross-Site Scripting vulnerability in the /index.php/article endpoint that can lead to arbitrary code execution. Technical details across sources specify the affected software and component, and the underlying issue is a reflected/persistent XSS i...

CVSS 8.8 · AI score 7.2 · EPSS 0.00476
Exploits: 1 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/08/22 1:22 p.m. · 10 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1 · AI score 6.4 · EPSS 0.00124
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/21 12:26 a.m. · 17 views

CVE-2025-51487

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

CVSS 4.5 · AI score 5.8 · EPSS 0.00401
Exploits: 2 · References: 1

RedhatCVE
added 2025/08/21 12:26 a.m. · 16 views

CVE-2025-51489

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVSS 5.4 · AI score 6 · EPSS 0.0032
Exploits: 2 · References: 1

OSV
added 2025/08/20 1:15 p.m. · 2 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 4.3 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 2

NVD
added 2025/08/20 1:15 p.m. · 8 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1 · EPSS 0.00124
Exploits: 0 · References: 2

CVE
added 2025/08/20 12:53 p.m. · 19 views

CVE-2025-54174

CVE-2025-54174 concerns QuickCMS: a Cross-Site Request Forgery in the article creation flow. An attacker could lure an admin to a crafted site, triggering a POST to create a malicious article with attacker-defined content. Documented impact is limited to the described CSRF behavior; exploitation ...

CVSS 5.1 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/08/20 12:53 p.m. · 8 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1 · EPSS 0.00124
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/20 12:53 p.m. · 2 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 2

RedhatCVE
added 2025/08/20 1:38 a.m. · 11 views

CVE-2025-9100

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...

CVSS 6.9 · AI score 7.7 · EPSS 0.00564
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/20 12:00 a.m. · 5 views

PT-2025-34051

Name of the Vulnerable Software and Affected Versions:
QuickCMS version 6.8
QuickCMS affected versions not specified

Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an...

CVSS 5.1 · AI score 6.4 · EPSS 0.0018
Exploits: 0 · References: 7

Snyk
added 2025/08/19 9:30 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of journalEditArticleDisplayContext.getBackURL when editing articles. An attacker can execute arbitrary JavaScript code in the context of...

CVSS 5.4 · AI score 5.4 · EPSS 0.0026
Exploits: 0 · References: 2

Snyk
added 2025/08/19 3:41 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: moonshine/moonshine is a Laravel administration panel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Link parameter when creating/updating a new Article. Note: There appears to be a fix attempt in 3.12.4, which was reverted in 3.12.6. At the time of...

CVSS 4.8 · AI score 5.3 · EPSS 0.00401
Exploits: 2 · References: 2

Snyk
added 2025/08/19 3:41 p.m. · 5 views

Unrestricted Upload of File with Dangerous Type

Overview: moonshine/moonshine is a Laravel administration panel. Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the Files - Thumbnail parameter when creating/updating an Article. An attacker can run scripts within the context of the applicati...

CVSS 5.4 · AI score 6.9 · EPSS 0.0032
Exploits: 2 · References: 3

OSV
added 2025/08/19 3:31 p.m. · 6 views

GHSA-P632-58PP-C9XG moonshine Stored Cross-Site Scripting Vulnerability in Create Article

A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter...

CVSS 4.5 · AI score 5.2 · EPSS 0.00401
Exploits: 2 · References: 4

GitHub Security Blog
added 2025/08/19 3:31 p.m. · 12 views

moonshine Stored Cross-Site Scripting Vulnerability in Create Article

A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter...

CVSS 4.5 · AI score 5.7 · EPSS 0.00401
Exploits: 2 · References: 4 · Affected Software: 1

OSV
added 2025/08/19 3:15 p.m. · 3 views

CVE-2025-51489

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 2

NVD
added 2025/08/19 3:15 p.m. · 6 views

CVE-2025-51489

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVSS 5.4 · EPSS 0.0032
Exploits: 2 · References: 2

NVD
added 2025/08/19 3:15 p.m. · 6 views

CVE-2025-51487

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

CVSS 4.5 · EPSS 0.00401
Exploits: 2 · References: 2

Positive Technologies
added 2025/08/19 12:00 a.m. · 7 views

PT-2025-33738 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.3

Description: A stored cross-site scripting (XSS) vulnerability exists in the Create Article function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the Link parameter...

CVSS 4.5 · AI score 6 · EPSS 0.00401
Exploits: 2 · References: 8