9 matches found
Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...
GHSA-2MWC-H2MG-V6P8 Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files...
Remote Code Execution (RCE)
winter/storm is vulnerable to Remote Code Execution. An authenticated attacker with permission to create or modify theme templates with the CMS editor can disable the cms.enableSafeMode feature, allowing for the modification of the backend.php code through the web interface...
Remote Code Execution (RCE)
winter/storm is vulnerable to Remote Code Execution. An authenticated attacker with permission to create or modify theme templates with the CMS editor can disable the cms.enableSafeMode feature, allowing for the modification of the backend php code through the web interface...
CVE-2020-26295 CMS Editor code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit CMS pages was able to inject an executable file on the server via layout XML. The latest OpenMage Versions up from 19.4.9 an...
react-cms-editor (=0.1.71) potentially affected by CVE-2017-16080 via nodesass (=0.0.2-security)
nodesass NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on nodesass and may be impacted: - react-cms-editor =0.1.71 Source cves: CVE-2017-16080 Source advisory: OSV:GHSA-XFMW-2VMM-579C...
The bulk of the invasion College Station vulnerability EXP-vulnerability warning-the black bar safety net
By: deleter QQ: 1 3 4 3 3 8 2 3 9 2 College sites are mostly built on modified versions of a CMS, and a CMS necessarily includes an editor. Editors currently have few vulnerabilities and are relatively safe, but college sites are a different matter. A college website is bound to be a year old, unless th...