Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.4 views

CVE-2026-34569

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can injec...

9.9CVSS5.7AI score0.00324EPSS
Exploits1References1
NVD
NVD
added 2026/01/16 7:16 p.m.6 views

CVE-2021-47834

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:9 p.m.3 views

CVE-2021-47834

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS5.1AI score0.00248EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.18 views

CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS0.00248EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/16 7:9 p.m.7 views

CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 7:9 p.m.9 views

CVE-2021-47834

CVE-2021-47834 — Schlix CMS 2.2.6-6 : A persistent cross-site scripting flaw exists that enables authenticated users to inject scripts into category titles by creating a new contact category, which then executes when pages are viewed by others. The issue is documented across multiple sources (NVD...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.8 views

Schlix CMS cross-site scripting vulnerability

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.5 views

PT-2026-3289

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS6.2AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.20 views

CVE-2023-53904 Xenforo 2.2.13 Authenticated Stored Cross-Site Scripting via Smilie Categories

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded,...

5.1CVSS0.00221EPSS
Exploits0References3
OSV
OSV
added 2024/08/21 6:15 a.m.4 views

CVE-2024-7030

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder