CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...

CVE-2020-20426

S-CMS Government Station Building System v5.0 contains a cross-site scripting XSS vulnerability in /function/booksave.php...

CVE-2020-20425

S-CMS Government Station Building System v5.0 contains a cross-site scripting XSS vulnerability in the search function...

ABB ASPECT 安全漏洞

ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that stems from the inclusion of a configuration download vulnerability...

115cms 代码注入漏洞

115cms is a multi-module intelligent website building system of Guizhou Forxin Technology 115cms Company in China. 115cms suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web pages for execution in other users' browsers...

71cms 安全漏洞

71CMS is a smart party building system open source by xiaocheng-keji. A security vulnerability exists in 71cms v1.0.0, which stems from the presence of a Server Request Forgery SSRF vulnerability...

Authentication flaw

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

CVE-2024-1817 Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

CVE-2024-1817

The CVE-2024-1817 entry concerns Demososo DM Enterprise Website Building System (versions up to 2022.8) with a Cookie Handler flaw in function dmlogin (indexDM_load.php). The root cause is improper authentication due to manipulating the is_admin argument (input y), allowing remote exploitation. P...

Demososo DM Enterprise Website Building System License Issues Vulnerability

Demososo DM Enterprise Website Building System is a system website of Demososo Inc. An authorization issue vulnerability exists in Demososo DM Enterprise Website Building System version 2022.8 and earlier, which stems from a security issue in the dmlogin function of indexDMload.php in the compone...

ForU CMS SQL注入漏洞

ForU CMS is ForU open source a website building system . ForU CMS 2020-06-23 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...

Beijing UpCloud Technology Development Co., Ltd. website building system has SQL injection vulnerability

Beijing UpCloud Technology Development Co., Ltd. was established on July 30, 2009. The company's business scope includes: technology promotion services; economic trade consulting; computer graphic design; advertising design, production; enterprise planning; software development, etc. Ltd. has a S...

File upload vulnerability exists in the website building system of Hangzhou Bocai Network Technology Co.

Ltd. is an innovative company that provides comprehensive digital services including strategy consulting, visual design, technology development, content manufacturing and marketing. There is a file upload vulnerability in the website building system of Hangzhou Bocai Network Technology Co...

SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-41797)

Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...

SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-25679)

Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...

S-CMS cross-site scripting vulnerability in Zibo Shining Network Technology Co.

S-CMS is a PHP and MySQL-based content management system CMS from S-CMS China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to execute cross-site scripting attack XSS via /function/booksave.php...

S-CMS Cross-Site Scripting Vulnerability in Zibo Shining Network Technology Co.

S-CMS is a PHP and MySQL based content management system CMS from Zibo Shining Network Technology Co., Ltd. in China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to perform cross-site scripting attacks XSS...

CVE-2020-20426

S-CMS Government Station Building System v5.0 contains a cross-site scripting XSS vulnerability in /function/booksave.php...

Cross site scripting

S-CMS Government Station Building System v5.0 contains a cross-site scripting XSS vulnerability in the search function...