Deserialization of Untrusted Data
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to deserialization of files without any class restrictions. A local attacker can execute arbitrary PHP code by crafting a...
Open Redirect
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Open Redirect via the GeneralUtility::sanitizeLocalUrl function. An attacker can cause users to be redirected to arbitrary external sites by supplying whitespace...
Insufficient Entropy
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Insufficient Entropy due to the Password Generation process that always begins with a deterministic three‑character prefix. An attacker can predict generated...
CVE-2025-52161
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability...
PT-2025-36476
Name of the Vulnerable Software and Affected Versions: Scholl Communications AG Weblication CMS Core version 019.004.000.000. Description: The software contains a cross-site scripting (XSS) issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
CVE-2025-52161
The CVE-2025-52161 entry concerns Scholl Communications AG Weblication CMS Core v019.004.000.000, which is reported to contain a cross-site scripting (XSS) vulnerability. The available data indicate a high-severity issue (CVSS v3.1 base score 9.8, Critical) with network attack vector, no privileg...
Scholl Communications AG Weblication CMS Core Security Vulnerability
Scholl Communications AG Weblication CMS Core is a content management system from Scholl Communications AG, Germany. A security vulnerability exists in Scholl Communications AG Weblication CMS Core version v019.004.000.000, which stems from vulnerability to cross-site scripting attacks...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload through a manipulated API request. An attacker can upload unauthorized files by crafting a request that bypasses the configured file extension checks. Remediation: Upgrade Umbraco.Cms.Core to version 15.4.2,...
Incorrect Authorization
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of FrontendGroupRestriction in multi-table database queries. An attacker can access data from additional tables...
Unverified Password Change
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Unverified Password Change through the backend user management interface. An attacker can modify user accounts without needing to verify the current password by...
Observable Response Discrepancy
Overview: Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation: Upgrade Umbraco.Cms.Core to version 10.8.10...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image title sub-field in the image field. Details: Cross-site scripting or X...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Create/Modify article function via the image copyright sub-field in the image field. Details: Cross-site scripting ...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the author field when publishing an article. Details: Cross-site scripting or XSS is a code vulnerability that...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure which allows an attacker to determine the existence of user accounts by analyzing the response times and codes. Remediation: Upgrade Umbraco.Cms.Core to version 14.3.2, 15.1.2 or higher. References: - GitHub Commit -...
CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...
CVE-2025-22388
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or...
PT-2025-4485 · Optimizely · Episerver.Cms.Core
Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0. Description: A medium-severity issue exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types,...