
3656 matches found

OSV
added 2025/04/27 9:15 a.m. | 3 views

CVE-2025-3964

A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

5.3 CVSS | 4.9 AI score
Exploits 0 | References 4

OSV
added 2025/04/27 8:15 a.m. | 4 views

CVE-2025-3963

A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing authorization. The attack may be initiate...

9.8 CVSS | 5.3 AI score | 0.0052 EPSS
Exploits 1 | References 4

CNNVD
added 2025/04/27 12:0 a.m. | 5 views

Books-Management-System security vulnerability

Books-Management-System is a book management system by withstars individual developers. A security vulnerability exists in Books-Management-System version 1.0, which stems from a cross-site request forgery due to a misbehavior in the file /api/article/del...

5.3 CVSS | 4.9 AI score | 0.00249 EPSS
Exploits 1 | References 5

CNNVD
added 2025/04/27 12:0 a.m. | 1 views

paicoding security vulnerability

paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding version 1.0.3, which stems from improper authorization due to misuse of the parameter articleId in the file /article/api/post...

5.5 CVSS | 5.4 AI score | 0.0037 EPSS
Exploits 1 | References 5

CNNVD
added 2025/04/27 12:0 a.m. | 2 views

Books-Management-System code injection vulnerability

Books-Management-System is a book management system by withstars individual developers. A code injection vulnerability exists in Books-Management-System version 1.0, which originates from cross-site scripting due to a misbehavior of the Title parameter in the file /admin/article/add/do...

5.1 CVSS | 4.9 AI score | 0.00324 EPSS
Exploits 1 | References 5

CNNVD
added 2025/04/27 12:0 a.m. | 1 views

Books-Management-System security vulnerability

Books-Management-System is a book management system by withstars individual developers. A security vulnerability exists in Books-Management-System version 1.0, which stems from an incorrect operation of the file /admin/article/list resulting in a missing authorization...

9.8 CVSS | 7.4 AI score | 0.0052 EPSS
Exploits 1 | References 2

RedhatCVE
added 2025/04/26 5:19 a.m. | 13 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...

6.5 CVSS | 6.9 AI score | 0.00188 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/04/26 4:46 a.m. | 32 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4 CVSS | 5.5 AI score | 0.00274 EPSS
Exploits 1 | References 1

Spring Security Advisories
added 2025/04/22 12:0 a.m. | 17 views

This Week in Spring - April 22nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring, which I'm writing from magnificent Minneapolis, Minnesota, where I'm recording an amazing Frontend Masters course introducing Spring Boot. I love this article introducing Spring AI in JavaPro magazine. Want to run an LLM...

6.8 AI score | 0.00402 EPSS
Exploits 0

Snyk
added 2025/04/21 3:31 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image title sub-field in the image field. Details: Cross-site scripting or X...

6.5 CVSS | 5.2 AI score | 0.00288 EPSS
Exploits 1 | References 2

Snyk
added 2025/04/21 3:31 p.m. | 2 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the ueditor component in the article management module. An attacker can execute arbitrary code by uploading a malicious XML file. Remediation: Upgrade net.mingsoft:ms-mcms to version 5.5.0 or higher. References: ...

9.8 CVSS | 7.6 AI score | 0.00737 EPSS
Exploits 1 | References 2

OSV
added 2025/04/21 3:31 p.m. | 1 views

GHSA-H75C-F2XX-9VXV OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

5.1 CVSS | 5.9 AI score | 0.00288 EPSS
Exploits 1 | References 3

Snyk
added 2025/04/21 3:31 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image copyright sub-field in the image field. Details: Cross-site scripting ...

6.1 CVSS | 5.3 AI score | 0.00274 EPSS
Exploits 1 | References 2

OSV
added 2025/04/21 3:31 p.m. | 1 views

GHSA-7M3W-M5G3-CC88 OpenCMS cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4 CVSS | 6 AI score | 0.00274 EPSS
Exploits 1 | References 4

CNNVD
added 2025/04/21 12:0 a.m. | 3 views

Alkacon OpenCMS security vulnerability

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

6.5 CVSS | 6.2 AI score | 0.00288 EPSS
Exploits 1 | References 1

Positive Technologies
added 2025/04/21 12:0 a.m. | 5 views

PT-2025-17444 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...

6.5 CVSS | 5.9 AI score | 0.00288 EPSS
Exploits 1 | References 11

Cvelist
added 2025/04/21 12:0 a.m. | 23 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

0.00274 EPSS
Exploits 1 | References 3

Snyk
added 2025/04/18 6:31 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the author field when publishing an article. Details: Cross-site scripting or XSS is a code vulnerability that...

6.1 CVSS | 5.3 AI score | 0.00211 EPSS
Exploits 3 | References 2

Github Security Blog
added 2025/04/18 6:31 p.m. | 24 views

Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

5.4 CVSS | 5.7 AI score | 0.00211 EPSS
Exploits 3 | References 4 | Affected Software 1

OSV
added 2025/04/18 6:31 p.m. | 2 views

GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

5.4 CVSS | 6 AI score | 0.00211 EPSS
Exploits 3 | References 4