Lucene search
K

16 matches found

Snyk
Snyk
added 2026/04/01 9:53 p.m.4 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name field in blog tag management. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...

9.1CVSS6AI score0.00324EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 9:53 p.m.25 views

CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...

9.1CVSS6.2AI score0.00324EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/12/13 6:24 a.m.10 views

Stored Cross-site Scripting (XSS)

getformwork/formwork is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...

6.5CVSS5.7AI score0.00174EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/26 11:52 p.m.19 views

CVE-2025-65956

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS6.2AI score0.00174EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 12:15 a.m.5 views

CVE-2025-65956

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS0.00174EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.5 views

Formwork 跨站脚本漏洞

Formwork is Formwork open source a flat file based content management system CMS. It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from an uncleaned blog tag field input that could lead to a stored...

6.5CVSS5.7AI score0.00174EPSS
Exploits1References4
Snyk
Snyk
added 2025/11/25 11:56 p.m.5 views

Cross-site Scripting (XSS)

Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...

6.5CVSS5.4AI score0.00174EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/25 11:20 p.m.2 views

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS6AI score0.00174EPSS
Exploits1References3
OSV
OSV
added 2025/11/25 11:20 p.m.5 views

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

6.5CVSS6.3AI score0.00174EPSS
Exploits1References5
OSV
OSV
added 2022/01/20 12:15 a.m.5 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

5.4CVSS5.8AI score0.00441EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/01/20 12:15 a.m.5 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

5.4CVSS5.9AI score0.00441EPSS
Exploits1References2
Prion
Prion
added 2022/01/20 12:15 a.m.16 views

Cross site scripting

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

3.5CVSS5.2AI score0.00441EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/01/19 11:4 p.m.16 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

5.5AI score0.00441EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/01/19 11:1 p.m.22 views

CVE-2021-46027

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added...

6.7AI score0.00416EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/01/19 12:0 a.m.6 views

PT-2022-12511 · Unknown · Mysiteforme

Name of the Vulnerable Software and Affected Versions: mysiteforme affected versions not specified Description: The issue concerns a Cross Site Scripting XSS vulnerability via the add blog tag function in the background blog management. This allows for potential malicious script execution...

5.4CVSS6AI score0.00441EPSS
Exploits1References3
securityvulns
securityvulns
added 2006/10/09 12:0 a.m.65 views

SQL injection - moodle

// http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC:...

0.2AI score
Exploits0
Rows per page
Query Builder