CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

Exploit for Cross-site Scripting in Boidcms

CVE-2024-53255 boid CMS 2.1.1 - reflected Cross-Site Scripting...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

CVE-2024-32342

Boid CMS v2.1.0 is affected by an XSS in the Create Page, exploitable via a crafted payload to the Permalink parameter. The vulnerability arises from improper handling of input in the Create Page flow, allowing attackers to execute arbitrary scripts/HTML in the context of users viewing the affect...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

PT-2024-24521 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0 Description: A cross-site scripting XSS vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Recommendations...

CVE-2024-32343

Boid CMS v2.1.0 has an XSS vulnerability in the Create Page, exploitable by injecting a crafted payload into the Content parameter. The issue is documented across multiple sources with no explicit exploitation details provided and a CVSS v3.1 base score of 6.1 (MEDIUM), requiring user interaction...

PT-2024-24522 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0 Description: A cross-site scripting XSS vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Recommendations:...