4 matches found
CVE-2025-46720
Keystone (Node.js CMS) prior to 6.5.0 has an Access Control Bypass in update/delete mutations: when a where clause uses multiple unique filters, the isFilterable check can be bypassed, enabling inference of hidden field values. The issue is patched in @keystone-6/core v6.5.0. Mitigations from the...
CVE-2023-52084
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patche...
Atom.CMS SQL Injection Vulnerability (CNVD-2022-30776)
CMS is a content management system from The Digital Craft individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminuploads.php, which could be exploited to execute illegal...
couponPHP CMS 1.0跨站脚本漏洞
couponPHP是优惠劵和交易网站的内容管理系统。 couponPHP CMS 1.0版本没有正确过滤 /admin/ajax/commentspaginate.php 或 /admin/ajax/storespaginate.php的 "sEcho" GET 参数值,在实现上存在多个跨站脚本漏洞,可导致在用户浏览器会话中执行任意HTML和脚本代码。 0 couponPHP couponPHP 1.0 厂商补丁: couponPHP --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.couponphp.com...