14 matches found
CVE-2026-21451
Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
PT-2026-1131
Name of the Vulnerable Software and Affected Versions: Bagisto versions prior to 2.3.10 Description: Bagisto, an open source Laravel eCommerce platform, contains a stored Cross-Site Scripting (XSS) issue within the CMS page editor. The platform’s attempt to sanitize tags can be bypassed by manipulati...
EUVD-2021-22654
Malware in sbrugna...
EUVD-2018-12706
Malware in sbrugna...
EUVD-2025-14494
Malicious code in bioql PyPI...
CVE-2018-15203
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/addpage allows a CSRF attack to add pages...
GHSA-QQCR-9JFC-35C4 OXID eShop May Display User Information
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...
OXID eShop Security Vulnerability
OXID eShop is a suite of online e-commerce platforms from OXID Germany. A security vulnerability exists in versions prior to OXID eShop 7, which stems from a CMS page combined with Smarty that may display user information...
CVE-2021-36021 Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code...
PT-2021-6734 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier Magento versions 2.3.7 and earlier Description: The issue is caused by improper input validation within the CMS page scheduled update feature. An authenticated attacker with...
django-cms -- XSS Vulnerability
Cross-site scripting XSS vulnerability Jonas Obrist reports: The security issue allows users with limited admin access to elevate their privileges through XSS injection using the pageattribute template tag. Only users with admin access and the permission to edit at least one django CMS page objec...
Qwerty CMS - 'id' SQL Injection
QWERTY CMS lite - SQL INJ Found: b3 from GraBBerZ.com = Injection in index.php variable: id http://site/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5 = Administrator Table: rkh8t5po Columns: secret873ktlW,pass459khyf Column with pass: pass459khyf Admin CP: /admin/admin.php = CMS PAGE :...