3656 matches found
CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content...
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
CVE-2021-42092
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket...
CVE-2021-30227
Cross Site Scripting XSS vulnerability in the article comments feature in emlog 6.0...
CVE-2021-25783
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search...
CVE-2020-29160
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing...
CVE-2020-29007
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...
CVE-2020-36609
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiat...
CVE-2020-20943
A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
CVE-2020-21321
emlog v6.0 contains a Cross-Site Request Forgery CSRF via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles...
CVE-2020-15821
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft...
CVE-2020-23241
Cross Site Scripting XSS vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News Article" feature...
CVE-2020-18195
Cross Site Request Forgery CSRF in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."...
CVE-2020-10496
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...
CVE-2020-24993
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability stored XSS is triggered when visitors access the article module...
CVE-2020-20347
WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the source field under the article management module...
CVE-2018-11679
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability that can add an article via /index.php?case=table=add=archivedir=admin...
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1name parameter in "Add Article" under Content - Content Manager - News...
CVE-2019-8902
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI...