Stupid Simple CMS Security Vulnerability

Stupid Simple CMS is a content management system by codelyfe individual developer. A security vulnerability exists in Stupid Simple CMS v1.2.4, which stems from a cross-site request forgery CSRF vulnerability via /update-article.php...

CVE-2024-22939

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

CVE-2024-22939

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

FlyCms Security Vulnerability

sunkaifei FlyCms is sunkaifei open source application . A similar to Zhihu based on Q&A completely open source JAVA language development of social networking site builder . FlyCms v.1.0 version of a security vulnerability . Remote attackers use this vulnerability through the...

Cross-site Scripting (XSS)

Enhavo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the Create Tag functionality, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload into the Create Tag field within the New/Edit Article panel...

GHSA-FMG4-X8PW-HJHG Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...

Enhavo Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

GHSA-38M8-5GFC-663G Enhavo Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

PT-2024-21178 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...

Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization

Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticat...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

Cross site scripting

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...

PT-2024-20909 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.2.8 Description: The issue is related to a Stored XSS vulnerability in the article publishing feature, caused by the non-filtering of quoted content. Recommendations: For Emlog Pro version 2.2.8, update to a newer version...

CVE-2024-25381

CVE-2024-25381 : A stored XSS vulnerability exists in Emlog Pro 2.2.8 Article Publishing due to non-filtering of quoted content. Affected component: article publishing feature in Emlog Pro 2.2.8. Root cause: input containing quoted content is not properly sanitized, enabling injection of script t...

2024-02 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5034768)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

2024-02 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5034768)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...