Lucene search

9 matches found

Snyk
added 2026/01/30 4:55 p.m., 2 views

Cross-site Scripting (XSS)

Overview: OrchardCore is an application framework for building modular, multi-tenant applications on ASP.NET Core. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MarkdownBodyPart.Source parameter during blog post creation. An attacker can execute arbitrary...

6.4 CVSS, 5.5 AI score, 0.00131 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/12/23 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through th...

8.8 CVSS, 6.8 AI score, 0.00746 EPSS
Exploits 1, References 2

OSV
added 2025/12/19 9:15 p.m., 4 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

8.7 CVSS, 8.6 AI score
Exploits 0, References 3

UbuntuCve
added 2025/12/19 9:15 p.m., 5 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

8.8 CVSS, 6.7 AI score, 0.00746 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-19059

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits 0, References 2

Prion
added 2022/11/29 1:15 p.m., 20 views

Design/Logic Flaw

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

5.8 CVSS, 6.2 AI score, 0.00293 EPSS
Exploits 1, References 2, Affected Software 1

NVD
added 2021/09/14 12:15 p.m., 9 views

CVE-2021-32202

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...

6.1 CVSS, 0.0024 EPSS
Exploits 0, References 1

OSV
added 2021/09/14 12:15 p.m., 1 views

CVE-2021-32202

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...

6.1 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 1

CVE
added 2021/09/14 11:37 a.m., 49 views

CVE-2021-32202

CS-Cart 4.11.1 is affected by a cross-site scripting (XSS) vulnerability that can be triggered by manipulating the blog post description field during post creation. The root cause, as described in CNNVD, is insufficient validation/escaping of user input in the post description, enabling copy-past...

6.1 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits 0, References 1, Affected Software 1