Lucene search
K

14 matches found

Snyk
Snyk
added 2026/04/01 10:7 p.m.3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the category title field in blog category management. An attacker can execute arbitrary JavaScript in the browsers of users who view affected...

9.9CVSS6AI score0.00324EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 10:6 p.m.9 views

CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...

9.1CVSS6.2AI score0.00269EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/01 9:29 p.m.18 views

CVE-2026-34569

CI4MS is a CodeIgniter 4–based CMS skeleton. Prior to version 0.31.0.0, it fails to sanitize input when creating/editing blog categories, allowing stored XSS via the category title that is rendered unsafely across public blog/category pages and admin views. The issue is fixed in 0.31.0.0. The CVS...

9.9CVSS5.7AI score0.00324EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2018-8437

Malware in sbrugna...

4.8CVSS4.9AI score0.00615EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-11055

Malware in sbrugna...

6.1CVSS5AI score0.00675EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/08 9:2 p.m.4 views

CVE-2025-8740 zhenfeng13 My-Blog Category save cross site scripting

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to...

4.8CVSS6.4AI score0.00247EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.296 views

October CMS 3.4.0 Category Cross Site Scripting

OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...

7.4AI score
Exploits0
OSV
OSV
added 2022/09/16 5:15 p.m.2 views

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

4.8CVSS5.8AI score0.00741EPSS
Exploits2References3
NVD
NVD
added 2022/09/16 5:15 p.m.19 views

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

4.8CVSS0.00741EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/09/16 4:18 p.m.24 views

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

5.3AI score0.00741EPSS
Exploits2References3
NVD
NVD
added 2020/03/18 7:15 p.m.10 views

CVE-2019-20511

ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...

6.1CVSS5.2AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2020/03/18 7:15 p.m.13 views

CVE-2019-20511

ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...

6.1CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/03/18 7:15 p.m.12 views

Design/Logic Flaw

ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...

4.3CVSS6.3AI score0.00675EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/28 5:29 p.m.13 views

CVE-2018-16632

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?tofield=id&popup=1 title parameter at admin/blog/blogpost/add/...

4.8CVSS5.4AI score0.00615EPSS
Exploits1References1
Rows per page
Query Builder