3656 matches found
CVE-2024-57498
CVE-2024-57498 affects sayski ForestBlog (version 20241223). The vulnerability is a Cross-Site Scripting flaw in the article editing function that can allow a remote attacker to escalate privileges. Affected software/component: ForestBlog 20241223, sayski. Root cause: XSS in article editing. Impa...
Friday Squid Blogging: On Squid Brains
Interesting. Blog moderation policy...
CVE-2025-0871 Maybecms Add Article index.php cross site scripting
A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument datainfocontent leads to cross site scripting. It is possible to initiate the attack...
Maybecms code injection vulnerability
Maybecms is an open source web application from Upgradeextension. A code injection vulnerability exists in Maybecms version 1.2: the datainfocontent parameter in the file /mb/admin/index.php?u=article-edit can lead to cross-site scripting...
PT-2025-4080 · Maybecms · Maybecms
Name of the Vulnerable Software and Affected Versions: Maybecms version 1.2. Description: A problematic issue has been found in Maybecms, affecting an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the data infocontent argument leads t...
CVE-2025-0490
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...
CVE-2025-0490 Fanli2012 native-php-cms article_dodel.php sql injection
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms: the id parameter in the file /fladmin/articledodel.php can lead to SQL injection...
2025-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5049983)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 (KB5050188)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Cross-site Scripting (XSS)
Overview: mediawiki/article-feedbackv5 is a MediaWiki extension designed to engage readers in the assessment of article quality. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via messages passed in as articlefeedbackv5-activity-pane-header, which is not escaped. Detai...
WordPress plugin AI Scribe SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin AI...
CVE-2024-13202
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...
CVE-2024-13202 wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...
REDAXO code injection vulnerability
REDAXO is an open source content management system. A code injection vulnerability exists in REDAXO version 5.18.1: the Article Name parameter of the file /index.php?page=structure&categoryid=1&articleid=1&clang=1&function=editart&artstart=0 can lead to...
PT-2025-2060 · Wander Chu · Springboot-Blog
Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0. Description: A vulnerability was found in the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The...
emlog code injection vulnerability
emlog is a PHP and MySQL based CMS builder. A cross-site scripting vulnerability exists in the emlog /admin/article.php processing IMAGE, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions whe...
Information Exposure
Overview: collaborative-article-sharing is a command-line interface for interacting with the CAS API. Affected versions of this package are vulnerable to Information Exposure because the Flask application runs in debug mode in a production environment. Remediation: Upgrade...
CVE-2024-13032
A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery...