5 matches found
EUVD-2024-3156
Malicious code in bioql PyPI...
ERPNext Cross-Site Scripting Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper sanitization of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...
CVE-2020-22392
A cross-site scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file...
SITOS six Build Cross-Site Scripting Vulnerability
SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. A cross-site scripting vulnerability exists in the blog feature in SITOS six Build v6.2.1. The vulnerability stems from the web application lacking proper...
Moodle 'index.php' 'tag' Parameter SQL Injection
The installed version of Moodle fails to properly sanitize user-supplied input to the 'tag' parameter of the 'blog/index.php' script before using it in database queries. Provided the blog feature is enabled, an unauthenticated attacker can leverage this issue to manipulate database queries to...