Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 6:7 a.m.14 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

4.1CVSS5.5AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 8:16 p.m.18 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

4.1CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.21 views

CVE-2026-37700

MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.34 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46059

Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...

4.1CVSS5.5AI score0.00186EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34180

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

MaxSite CMS 安全漏洞

MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Version 109.2 of MaxSite CMS has a security vulnerability. This vulnerability stems from a cross-site scripting vulnerability in the backend page file upload endpoint, which could allow remote attacker...

4.1CVSS5.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11490

Malware in sbrugna...

6.1CVSS6.2AI score0.008EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-34792

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0055EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.9 views

CVE-2021-24578

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.008EPSS
Exploits2References1
OSV
OSV
added 2025/01/07 8:15 a.m.2 views

CVE-2024-11626

Improper Neutralization of Input During CMS Backend adminstrative section Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from...

4.8CVSS5.8AI score0.00344EPSS
Exploits0References2
wpexploit
wpexploit
added 2022/10/27 12:0 a.m.115 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. v response.text...

8.8CVSS0.2AI score0.02971EPSS
Exploits1
OSV
OSV
added 2022/08/29 6:15 p.m.4 views

CVE-2022-2538

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.0055EPSS
Exploits2References1
CNVD
CNVD
added 2020/07/17 12:0 a.m.1 views

File upload vulnerability in MCMS backend up***.do page

MCMS is a website building system of MINGFEI TECHNOLOGY CO. A file upload vulnerability exists in the MCMS backend up.do page. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/07/13 12:0 a.m.1 views

SQL Injection Vulnerability in ZZCMS Backend as***.php Page

ZZCMS is a free website builder developed in asp language. ZZCMS background as.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/04/26 12:0 a.m.1 views

Command Execution Vulnerability in WeiPHP Backend Ap***.php Page

WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. WeiPHP Ap.php page in the background there is a command execution vulnerability, attackers can use the vulnerability to obtain server privileges...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/04/07 12:0 a.m.1 views

SQL Injection Vulnerability in ZZCMS Backend dl_se***.php Page

zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the dlse.php page in the background of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/01/13 12:0 a.m.1 views

File upload vulnerability in MyuCMS backend Co***.php page

MyuCMS open source content management system developed using ThinkPHP community mall. A file upload vulnerability exists in the Co.php page of MyuCMS backend. Attackers can exploit the vulnerability to upload webshell and gain server privileges...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/01/03 12:0 a.m.2 views

SQL Injection Vulnerability in CRMEB Mall System Backend Sy***.php Page

CRMEB mall system is a new retail mobile e-commerce system developed based on ThinkPhp6.0+Vue. CRMEB mall system background Sy.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...

7.8AI score
Exploits0
Rows per page
Query Builder