41 matches found

OSV
added 6 days ago · 2 views

GHSA-G2G8-95QG-V35H HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint

Summary: HaxCMS is affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. For example...

CVSS 8.7 · AI score 5.8 · EPSS 0.00032
Exploits: 0 · References: 2

EUVD
added 2026/04/30 10:45 p.m. · 0 views

EUVD-2026-26456

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

CVSS 6.5 · AI score 5.2 · EPSS 0.00053
Exploits: 0 · References: 4

CNNVD
added 2026/04/30 12:00 a.m. · 4 views

Bootstrap CMS Injection Vulnerability

Bootstrap CMS is an open-source content management system based on PHP. The Bootstrap CMS 0.9.0-alpha version has a vulnerability due to an unknown function in the Page Creation Handler component file resources/views/pages/show.blade.php, which allows for code injection when manipulating the body...

CVSS 6.5 · AI score 6.6 · EPSS 0.00053
Exploits: 0 · References: 2

OSV
added 2026/04/01 10:59 p.m. · 1 view

GHSA-XW45-CC32-442F Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Summary: The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...

CVSS 2.7 · AI score 5.9 · EPSS 0.00091
Exploits: 0 · References: 5

Positive Technologies
added 2026/04/01 12:00 a.m. · 0 views

PT-2026-29709

Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.8.0. Description: The PUT /api/v1/subscriber/imsi API endpoint accepts an IMSI identifier from both the URL path and the JSON request body without verifying they match. This allows an authenticated NetworkManager to...

CVSS 2.7 · AI score 5.8 · EPSS 0.00091
Exploits: 0 · References: 7

NVD
added 2026/03/24 4:16 p.m. · 2 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

CVSS 5.4 · EPSS 0.00051
Exploits: 0 · References: 2

Positive Technologies
added 2026/03/24 12:00 a.m. · 2 views

PT-2026-27448

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

AI score 6 · EPSS 0.00051
Exploits: 0 · References: 3

Cvelist
added 2026/03/24 12:00 a.m. · 19 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

EPSS 0.00051
Exploits: 0 · References: 2

CVE
added 2026/03/24 12:00 a.m. · 2 views

CVE-2026-29840

JiZhiCMS v2.5.6 and earlier are affected by a Stored XSS in the release function (app/home/c/UserController.php). The sanitizer only filters [removed] tags and fails to recursively remove dangerous event handlers in other HTML tags (e.g., onerror in ). An authenticated remote attacker can inject ...

CVSS 5.4 · AI score 6 · EPSS 0.00051
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2026/03/22 1:38 p.m. · 1 view

CVE-2019-25613 Easy Chat Server 3.1 Denial of Service via message Parameter

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large...

CVSS 8.7 · AI score 5.9 · EPSS 0.00412
Exploits: 1 · References: 4

ATTACKERKB
added 2026/03/22 1:38 p.m. · 1 view

CVE-2019-25613

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large...

CVSS 8.7 · AI score 5.9 · EPSS 0.00412
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2026/02/20 7:40 p.m. · 1 view

CVE-2026-23617

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...

CVSS 5.4 · AI score 5.4 · EPSS 0.00045
Exploits: 0 · References: 1

CNNVD
added 2025/10/27 12:00 a.m. · 3 views

Willow CMS Code Injection Vulnerability

Willow CMS is a content management system by the individual developer mndeaves. A code injection vulnerability exists in Willow CMS 1.4.0 and earlier versions, which stems from an incorrect manipulation of the parameters title/body in the file /admin/articles/add, which could lead to a cross-site...

CVSS 4.8 · AI score 4.1 · EPSS 0.00035
Exploits: 1 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2006-1147

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00396
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-23509

Malware in sbrugna...

CVSS 4.8 · AI score 5.1 · EPSS 0.00295
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2006-0788

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.05504
Exploits: 1 · References: 8

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-18221

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00738
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2008-5727

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00209
Exploits: 1 · References: 4

Positive Technologies
added 2024/12/04 12:00 a.m. · 1 view

PT-2024-17472 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A vulnerability has been found in DedeCMS, affecting an unknown function of the file /member/article add.php. The manipulation of the body argument leads to cross-site scripting. It is possible to launch t...

CVSS 5.4 · AI score 4.2 · EPSS 0.0011
Exploits: 1 · References: 10

CNNVD
added 2024/12/04 12:00 a.m. · 1 view

DesDev DedeCMS Code Injection Vulnerability

DesDev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from China Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. A code injection vulnerability exists in DesDe...

CVSS 5.4 · AI score 4.8 · EPSS 0.0011
Exploits: 1 · References: 4