29 matches found
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
PT-2026-46059
Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...
EUVD-2026-34180
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
MaxSite CMS 安全漏洞
MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Version 109.2 of MaxSite CMS has a security vulnerability. This vulnerability stems from a cross-site scripting vulnerability in the backend page file upload endpoint, which could allow remote attacker...
EUVD-2021-11490
Malware in sbrugna...
EUVD-2022-34792
Malicious code in bioql PyPI...
CVE-2021-24578
The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue...
CVE-2024-11626
Improper Neutralization of Input During CMS Backend adminstrative section Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. v response.text...
CVE-2022-2538
The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting...
File upload vulnerability in MCMS backend up***.do page
MCMS is a website building system of MINGFEI TECHNOLOGY CO. A file upload vulnerability exists in the MCMS backend up.do page. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SQL Injection Vulnerability in ZZCMS Backend as***.php Page
ZZCMS is a free website builder developed in asp language. ZZCMS background as.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
Command Execution Vulnerability in WeiPHP Backend Ap***.php Page
WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. WeiPHP Ap.php page in the background there is a command execution vulnerability, attackers can use the vulnerability to obtain server privileges...
SQL Injection Vulnerability in ZZCMS Backend dl_se***.php Page
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the dlse.php page in the background of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...
File upload vulnerability in MyuCMS backend Co***.php page
MyuCMS open source content management system developed using ThinkPHP community mall. A file upload vulnerability exists in the Co.php page of MyuCMS backend. Attackers can exploit the vulnerability to upload webshell and gain server privileges...
SQL Injection Vulnerability in CRMEB Mall System Backend Sy***.php Page
CRMEB mall system is a new retail mobile e-commerce system developed based on ThinkPhp6.0+Vue. CRMEB mall system background Sy.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...