3 matches found
CVE-2026-34569
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can injec...
Shopify: www.shopify.com XSS on blog pages via sharing buttons
social sharing buttons facebook and linkedin vulnerable to xss at www.shopify.com/guides/ www.shopify.com/videos/ and www.shopify.com/success-stories/ steps to reproduce: - go to page https://www.shopify.com/videos/pop-up-shop?x=';alert1// - share this page by clicking facebook or linkedin sharin...
Design/Logic Flaw
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to 1 edit the profile pages of arbitrary users, and obtain sensitive information from 2 tracker and 3 blog pages, related to a missing check for the "access content" permission; and 4 allows remote...