16 matches found
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name field in blog tag management. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...
CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...
Stored Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...
CVE-2025-65956
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
Formwork 跨站脚本漏洞
Formwork is Formwork open source a flat file based content management system CMS. It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from an uncleaned blog tag field input that could lead to a stored...
Cross-site Scripting (XSS)
Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
Cross site scripting
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46026
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...
CVE-2021-46027
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added...
PT-2022-12511 · Unknown · Mysiteforme
Name of the Vulnerable Software and Affected Versions: mysiteforme affected versions not specified Description: The issue concerns a Cross Site Scripting XSS vulnerability via the add blog tag function in the background blog management. This allows for potential malicious script execution...
SQL injection - moodle
// http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC:...