Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...

Qool CMS 跨站脚本漏洞

Qool CMS is a content management system developed by basdog22. Qool CMS has a cross-site scripting vulnerability, which stems from improper cleaning of POST parameters in multiple management scripts. This vulnerability could allow attackers to inject malicious JavaScript code to execute arbitrary...

PT-2026-25635

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

Raytha CMS 代码注入漏洞

Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate.NET components a...

Craft CMS 路径遍历漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 4.0.0-RC1 to 4.17.5, as well as 5.0.0-RC1 to 5.9.11, contained a path traversal vulnerability. This vulnerability stemmed from the targetFilename parameter in the AssetsController-replaceFi...

Raytha CMS 安全漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of any brute-force attack protection mechanisms, allowing attackers to send multiple automated...

PT-2026-25698

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

PT-2026-25805

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

Raytha CMS 安全漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to manipulate the X-Forwarded-Host or Host header to point to a domain controlled by...

Raytha CMS 代码问题漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained code vulnerabilities. These vulnerabilities stemmed from the “Themes – Import from URL” feature, which had a server-side request forgeing vulnerability. This...

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system provided by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the FieldValues0.Value parameter in the page creation function, which allowed for stored...

Raytha CMS 跨站请求伪造漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from multiple endpoints allowing cross-site request forgery, which could enable attackers to...

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnUrl parameter in the login function, which allowed for reflected cross-site scripting...

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the backToListUrl parameter, which allowed for reflective cross-site scripting. This could enab...

PT-2026-25697

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

PT-2026-25695

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6...

PT-2026-25691

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

PT-2026-25694

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6...

PT-2026-25689

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

PT-2026-25696

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0...