14 matches found
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the category title field in blog category management. An attacker can execute arbitrary JavaScript in the browsers of users who view affected...
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...
CVE-2026-34569
CI4MS is a CodeIgniter 4–based CMS skeleton. Prior to version 0.31.0.0, it fails to sanitize input when creating/editing blog categories, allowing stored XSS via the category title that is rendered unsafely across public blog/category pages and admin views. The issue is fixed in 0.31.0.0. The CVS...
EUVD-2018-8437
Malware in sbrugna...
EUVD-2019-11055
Malware in sbrugna...
CVE-2025-8740 zhenfeng13 My-Blog Category save cross site scripting
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to...
October CMS 3.4.0 Category Cross Site Scripting
OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...
CVE-2021-41731
Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...
CVE-2021-41731
Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...
CVE-2021-41731
Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...
CVE-2019-20511
ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...
CVE-2019-20511
ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...
Design/Logic Flaw
ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...
CVE-2018-16632
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?tofield=id&popup=1 title parameter at admin/blog/blogpost/add/...