CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

LeptonCMS 跨站脚本漏洞

LeptonCMS is a content management system CMS. A cross-site scripting vulnerability exists in LeptonCMS version 4.7.0, which stems from the lack of effective filtering and escaping of user-supplied data in the backend/pages/modify.php file, which can be exploited by an attacker to execute arbitrar...

Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Name of list" field in the User Lists Overview ...

Directory Traversal Vulnerability in Xunrui CMS Backend Pages

Sichuan Xunruiyun Software Development Co., Ltd. is an Internet enterprise focusing on providing informatization services for small and medium-sized enterprises, mainly engaged in PHP language CMS website management system, offline communication and information engineering, online and offline...

CVE-2018-16635

Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php...

BlackCat CMS Cross-Site Scripting Vulnerability (CNVD-2018-14549)

BlackCatCMS is an open source content management system CMS that supports both English and German. A cross-site scripting vulnerability exists in the backend/pages/modify.php file in BlackCatCMS version 1.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML v...