3656 matches found
CVE-2026-35183 Brave CMS has an Insecure Direct Object Reference in Article Image Deletion
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...
chyrp-lite security vulnerability
Chyrp-Lite is a self-hosted blog and website platform developed by Daniel Pimley. Versions of Chyrp-Lite prior to version 2026.01 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references or bulk assignment issues in the Post model, which could lead ...
Brave CMS security vulnerability
Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...
PT-2026-33208
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.43.7; MediaWiki versions prior to 1.44.4; MediaWiki versions prior to 1.45.2. Description: An issue exists in the program files includes/Page/Article.Php of the Wikimedia Foundation MediaWiki software. Recommendations...
CVE-2026-21632
Lack of output escaping for article titles leads to XSS vectors in various locations...
EUVD-2026-17859
Lack of output escaping for article titles leads to XSS vectors in various locations...
CVE-2026-21632 Joomla! Core - [20260304] - XSS vectors in various article title outputs
Lack of output escaping for article titles leads to XSS vectors in various locations...
CVE-2026-21632
Summary (CVE-2026-21632): Joomla! Core suffers XSS due to lack of output escaping for article titles, enabling injected scripts in various article-title outputs. Connected sources confirm this affects Joomla core output paths and document titles, with multiple vendor references and CVSS-based as...
PT-2026-29504
Name of the Vulnerable Software and Affected Versions: versions affected versions not specified. Description: A lack of output escaping for article titles creates cross-site scripting (XSS) vectors in multiple areas. Recommendations: At the moment, there is no information about a newer version that...
CI4MS cross-site scripting vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper handling of user input when creating or editing blog articles, which could lead to storage-based...
CI4MS cross-site scripting vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user input when creating or editing blog articles in the category section, which could lea...
Joomla! CMS cross-site scripting vulnerability
Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping in article titles, potentially leading to cross-site scripting attacks...
baserCMS cross-site scripting vulnerability
baserCMS is a corporate-level content management system (CMS) developed by the baserCMS team. Versions of baserCMS prior to 5.2.3 had a cross-site scripting vulnerability; this vulnerability originated from a blog article-related feature module and made it susceptible to cross-site scripting attack...
CVE-2026-4616
A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross-site scripting. It is possible to initiate the...
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...
CVE-2019-25640 Inout Article Base CMS Lastest SQL Injection via portalLogin.php
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...