Lucene search
K

4 matches found

CVE
CVE
added 2025/05/05 6:53 p.m.84 views

CVE-2025-46720

Keystone (Node.js CMS) prior to 6.5.0 has an Access Control Bypass in update/delete mutations: when a where clause uses multiple unique filters, the isFilterable check can be bypassed, enabling inference of hidden field values. The issue is patched in @keystone-6/core v6.5.0. Mitigations from the...

4.3CVSS3.8AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/12/28 11:15 p.m.25 views

CVE-2023-52084

Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patche...

5.4CVSS0.00309EPSS
Exploits0References2
CNVD
CNVD
added 2022/04/15 12:0 a.m.15 views

Atom.CMS SQL Injection Vulnerability (CNVD-2022-30776)

CMS is a content management system from The Digital Craft individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminuploads.php, which could be exploited to execute illegal...

9.8CVSS6.2AI score0.05412EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/03/06 12:0 a.m.22 views

couponPHP CMS 1.0跨站脚本漏洞

couponPHP是优惠劵和交易网站的内容管理系统。 couponPHP CMS 1.0版本没有正确过滤 /admin/ajax/commentspaginate.php 或 /admin/ajax/storespaginate.php的 "sEcho" GET 参数值,在实现上存在多个跨站脚本漏洞,可导致在用户浏览器会话中执行任意HTML和脚本代码。 0 couponPHP couponPHP 1.0 厂商补丁: couponPHP --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.couponphp.com...

7.1AI score
Exploits0
Rows per page
Query Builder