Lucene search
K

114 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:27 a.m.10 views

CVE-2019-19900

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute...

4.8CVSS6.5AI score0.00552EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 11:15 p.m.26 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS0.01119EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/05/07 12:0 a.m.57 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.7AI score0.01119EPSS
In wildExploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/26 12:0 a.m.28 views

Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

8.8CVSS7.7AI score0.14154EPSS
In wildExploits1
OSV
OSV
added 2025/03/05 3:53 p.m.9 views

CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting XSS on the page of AddOns. This vulnerability is fixed in 5.18.3...

6.1CVSS5.7AI score0.00266EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 4:49 a.m.10 views

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

7.2CVSS6.8AI score0.01254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.6 views

PT-2025-1671 · Progress · Sitefinity

Name of the Vulnerable Software and Affected Versions: Progress Sitefinity versions 4.0 through 14.4.8142 Progress Sitefinity versions 15.0.8200 through 15.0.8229 Progress Sitefinity versions 15.1.8300 through 15.1.8327 Progress Sitefinity versions 15.2.8400 through 15.2.8421 Description: The iss...

8.4CVSS5.4AI score0.0035EPSS
Exploits0References10
CNVD
CNVD
added 2024/12/25 12:0 a.m.14 views

Craft CMS Unauthenticated Remote Code Execution Vulnerability

Craft CMS is a user-friendly, web-based content management system for creating and managing website content. Craft CMS has a security vulnerability due to the opening of registerargcargv in the PHP configuration, which can be exploited by an attacker to execute arbitrary code and take control of...

9.8CVSS8.1AI score0.97446EPSS
Exploits9References1
CVE
CVE
added 2024/12/09 8:54 p.m.65 views

CVE-2024-54149

Winter CMS has a sandbox bypass in Twig templates that affects versions prior to 1.2.7, 1.1.11, and 1.0.476. If an attacker has backend access with cms.manage_layouts, cms.manage_pages, or cms.manage_partials, they can modify or delete theme resources and potentially manipulate model data passed ...

8.4CVSS8.8AI score0.00405EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.12 views

PT-2024-95: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)

The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...

8.8CVSS7.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/11/29 9:33 p.m.31 views

October CMS safe mode bypass using Page template injection

Impact An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can craft a special request to include PHP code in the CMS...

4.9CVSS7.5AI score0.00511EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2023/06/05 2:0 p.m.23 views

Information stealer compromises legitimate sites to attack other sites

Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control C2 servers. A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information PII...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.262 views

Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Date: 2022-10-08 Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into th...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.6 views

CVE-2022-43687

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...

6.8AI score0.00584EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.246 views

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

4.9CVSS5.2AI score0.2195EPSS
Exploits6
NVD
NVD
added 2022/04/16 12:15 a.m.29 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4.9CVSS0.00883EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/02/22 6:21 p.m.26 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2AI score0.01436EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/23 12:42 p.m.16 views

CVE-2021-22953

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...

6.7AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2021/09/09 11:32 a.m.65 views

CVE-2021-39459

CVE-2021-39459 affects Redaxo CMS (Yakamara) in version 5.12.1, where an authenticated CMS user can trigger remote code execution through a module containing malicious PHP code in the modules component. The Red Hat entry corroborates the issue as a remote code execution vulnerability in Redaxo 5....

9CVSS7.2AI score0.04894EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/06/17 4:15 p.m.17 views

Cross site scripting

In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack...

4.3CVSS6AI score0.00695EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder