CVE-2025-11530

A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

Code-Projects Online Complaint Site SQL注入漏洞

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter state in the file /cms/admin/state.php for externally entered SQL statements. An attacker can exploit this vulnerability...

EUVD-2017-9346

Malware in sbrugna...

EUVD-2018-8808

Malware in sbrugna...

EUVD-2018-18273

Malware in sbrugna...

EUVD-2014-8434

Malware in sbrugna...

EUVD-2017-15971

Malware in sbrugna...

EUVD-2018-2393

Malware in sbrugna...

EUVD-2023-33392

Malicious code in bioql PyPI...

CVE-2025-27800 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

PT-2025-25643 · Unknown · Mezzanine Cms

Name of the Vulnerable Software and Affected Versions: Mezzanine CMS versions prior to 6.1.1 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability in the admin interface. It exists in the displayable links js function, which fails to properly sanitize blog post titles before...

Cross-site Scripting (XSS)

Overview djangocms-attributes-field is an Adds attributes to Django models. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of form Attributes fields in the Django CMS admin panel. An attacker can exploit this vulnerability through the...

CVE-2023-43340

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

CVE-2023-37650

A Cross-Site Request Forgery CSRF in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...

CVE-2014-8597

A reflected cross-site scripting XSS vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel...

SQL injection vulnerability in cms_admin_edit.php file of VANOC enterprise website management system (PHP version)

Vanno enterprise website management system PHP version is a php+MySQL development of php enterprise website management system. An SQL injection vulnerability exists in the cmsadminedit.php file of the Vanno Enterprise Website Management System PHP Edition. An attacker can exploit the vulnerabilit...

Coat of arms of cms any admin add exploit

No description provided by source...

CVE-2017-6918

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Navigation Social can be changed...

WDS CMS - SQL Injection

In The Name Of ALLAH Exploit Title : WDS CMS - SQL Injection Google Dork : allinurl:wdsnews/article.php?ID= Date : 2015-08-09 Exploit Author : Ismail Marzouk Vendor Homepage : http://webdesignskolan.se/ Tested on : Windows 7 Exploit : http://...