23 matches found
Stored Cross-Site Scripting
XWiki Blog Application is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...
XWiki Blog Cross Site Scripting
XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title. Overview: CVE ID: CVE-2025-66024; Severity: HIGH; ...
Exploit for CVE-2025-66024
CVE-2025-66024: XWiki Blog Application home page vulnerable to...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
EUVD-2025-208293
XWiki Blog Application home page vulnerable to Stored XSS via Post Title...
XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Impact: The Blog Application is vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...
PT-2026-23065
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 9.15.7. Description: The XWiki blog application is susceptible to Stored Cross-Site Scripting (XSS) through the Blog Post Title. The issue occurs because the post title is directly inserted into the HTML tag without...
EUVD-2024-38294
Malicious code in bioql PyPI...
CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
XWiki Contrib Mocca Calendar Application Security Vulnerability
XWiki Contrib Mocca Calendar Application is an open-source XWiki plugin from XWiki Contrib. A security vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 9.14, which stems from a remote code execution in the blog application...
PT-2025-36622
Impact: The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-46876)
ZrLog is a blog/CMS program developed in Java that is minimalist, easy to use, componentized, and has a low memory footprint. A cross-site scripting vulnerability exists in ZrLog version 2.1.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the userName and email...
Hulihan Applications Amethyst HTML Injection Vulnerability
Hulihan Applications Amethyst is an open-source blog application from the U.S. company Hulihan Applications, Inc., built on Ruby on Rails, an open-source web application framework for the Ruby language. An HTML injection vulnerability exists in Hulihan Applications Amethyst, which stems from the...
SAT1 Portal Website - SQL Injection Vulnerability
Document Title: SAT1 Portal Website - SQL Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=377. Release Date: 2012-01-06. Vulnerability Laboratory ID (VL-ID): 377. Produ...
FreeBSD : serendipity -- multiple XSS vulnerabilities (9c133aa0-12bd-11dd-bab7-0016179b2dd5)
Hanno Boeck reports: The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely. Various path fields are not escaped properly, thus filling them with JavaScript code will lead to XSS. MySQL error messages are n...
Cross site scripting in mephisto 0.7.3
Cross site scripting in mephisto 0.7.3 security advisory. References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can be used to steal sessio...
CVE-2007-1873.txt
Cross site scripting in mephisto 0.7.3 security advisory. References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can b...
A-Blog 1.0 - Cross-Site Scripting
A-Blog 1.0 - Cross-Site Scripting. Source: https://www.securityfocus.com/bid/21716/info The 'a-blog' application is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script cod...