3656 matches found
emlog 安全漏洞
emlog is a PHP and MySQL based CMS website builder for emlog personal developers. A security vulnerability exists in emlog Pro v2.5.4, which originates from the /admin/article.php file and is susceptible to cross-site scripting attacks...
CVE-2025-25823
CVE-2025-25823 is an XSS in Emlog Pro v2.5.4. An attacker can inject a crafted payload into the article header at /admin/article.php to execute arbitrary web scripts/HTML. Reported impact per sources: arbitrary script execution, with CVSSv3.1 vector indicating local access, user interaction requi...
CVE-2025-25823
A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...
CVE-2025-25823
A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
PT-2025-7592 · Phpress · Ppress
Name of the Vulnerable Software and Affected Versions: Ppress version 0.0.9 Description: A stored Cross-Site Scripting vulnerability in the "related recommendations" feature allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and...
2025-02 Dynamic Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5051974)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2025-02 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5051974)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2025-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5052006)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
CVE-2025-26490
...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the article name field in plugins/content/pages/content.php, accessible over the content/edit endpoint. An attacker can steal cookies and perform session hijacking by injecting malicious scripts. Details...
Stored XSS in REDAXO
Summary Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...
CVE-2024-57498
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function...
CVE-2024-57599
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...
DouCo DouPHP 安全漏洞
DouCo DouPHP is a lightweight enterprise content management system CMS from China DouCo. A security vulnerability exists in DouCo DouPHP v.1.8, which originates from an arbitrary code execution vulnerability in the description parameter of the /admin/article.php page...
CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-57498
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function...
CVE-2024-57498
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function...
CVE-2024-57498
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function...
CVE-2024-57498
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function...