11 matches found

Snyk
Added 2026/04/01 10:7 p.m. | Views: 2

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the category title field in blog category management. An attacker can execute arbitrary JavaScript in the browsers of users who view affected...

CVSS: 9.9 | AI score: 6 | EPSS: 0.0005
Exploits: 1 | References: 2
OSV
Added 2026/04/01 10:7 p.m. | Views: 1

GHSA-FHRF-Q333-82FM CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Blog Category Title Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Category Title in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog categories. An...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.0005
Exploits: 1 | References: 4
CVE
Added 2026/04/01 9:29 p.m. | Views: 5

CVE-2026-34569

CI4MS is a CodeIgniter 4–based CMS skeleton. Prior to version 0.31.0.0, it fails to sanitize input when creating/editing blog categories, allowing stored XSS via the category title that is rendered unsafely across public blog/category pages and admin views. The issue is fixed in 0.31.0.0. The CVS...

CVSS: 9.9 | AI score: 5.7 | EPSS: 0.0005
Exploits: 1 | References: 2 | Affected Software: 1
OSV
Added 2026/03/26 6:15 p.m. | Views: 2

GHSA-584P-RPVQ-35VF AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00027
Exploits: 1 | References: 4
NVD
Added 2025/12/17 11:15 p.m. | Views: 3

CVE-2023-53904

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded,...

CVSS: 5.1 | EPSS: 0.00024
Exploits: 0 | References: 3
CVE
Added 2025/12/17 10:44 p.m. | Views: 4

CVE-2023-53904

CVE-2023-53904 affects XenForo 2.2.13: authenticated administrators can trigger a stored XSS via the smilie category title parameter, with scripts executing when the admin panel loads. Public detail confirms the issue, its stored nature, and that the vulnerability is exploitable in the admin cont...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.00024
Exploits: 0 | References: 3
Positive Technologies
Added 2025/12/17 12:0 a.m. | Views: 4

PT-2025-51942

Name of the Vulnerable Software and Affected Versions Xenforo version 2.2.13 Description The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious scripts through the smilie category title parameter. Creating a smilie category with a malicious...

CVSS: 5.1 | AI score: 6.1 | EPSS: 0.00024
Exploits: 0 | References: 5
Snyk
Added 2025/07/31 2:50 p.m. | Views: 1

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through crafted requests. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted input to the title, categoryTitle, or tmpTag parameters. Details Cross-site scripting ...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00262
Exploits: 0 | References: 2
Snyk
Added 2025/07/31 2:50 p.m. | Views: 1

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through crafted requests. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted input to the title, categoryTitle, or tmpTag parameters. Details Cross-site scripting ...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00262
Exploits: 0 | References: 2
Veracode
Added 2022/08/11 3:9 p.m. | Views: 23

Cross Site Scripting (XSS)

Microweber is vulnerable to stored Cross Site Scripting. The vulnerability is due to improper sanitization in the product category title field. An authenticated attacker can add or modify a category, adding an Iframe script tag to the title that will run arbitrary Javascript whenever a user visit...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00141
Exploits: 1 | References: 3 | Affected Software: 1
Packet Storm
Added 2014/02/26 12:0 a.m. | Views: 21

WordPress BSK PDF Manager 1.3 Cross Site Scripting

============================================================== Title ...| XSS in BSK PDF Manager Version .| bsk-pdf-manager 1.3 Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/ ==============================================================...

AI score: 0.5
Exploits: 0