43682 matches found

NVD
added 2026/01/16 7:16 p.m. | 4 views

CVE-2021-47834

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

CVSS 6.4 | EPSS 0.00248
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/16 7:9 p.m. | 2 views

CVE-2021-47834

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

CVSS 6.4 | AI score 5.1 | EPSS 0.00248
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/16 7:9 p.m. | 6 views

CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

CVSS 6.4 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 3

CVE
added 2026/01/16 7:9 p.m. | 8 views

CVE-2021-47834

CVE-2021-47834 — Schlix CMS 2.2.6-6 : A persistent cross-site scripting flaw exists that enables authenticated users to inject scripts into category titles by creating a new contact category, which then executes when pages are viewed by others. The issue is documented across multiple sources (NVD...

CVSS 6.4 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/16 4:20 p.m. | 10 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.8 | AI score 8.4 | EPSS 0.00671
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/16 4:20 p.m. | 6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | AI score 6.9 | EPSS 0.00343
Exploits: 1 | References: 1

NCSC
added 2026/01/16 10:11 a.m. | 40 views

Vulnerabilities fixed in TYPO3 CMS

TYPO3 has fixed vulnerabilities in specific versions of TYPO3 CMS. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...

CVSS 8.1 | AI score 7.4 | EPSS 0.0038
Exploits: 0 | References: 4

CNNVD
added 2026/01/16 12:0 a.m. | 5 views

Phpwcms security vulnerabilities

Phpwcms is an open-source content management system developed by Phpwcms. Version 1.9.30 of Phpwcms contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to upload malicious SVG files, which could lead to cross-site scripting attacks...

CVSS 5.4 | AI score 5.6 | EPSS 0.00282
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/16 12:0 a.m. | 4 views

PT-2026-3289

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

CVSS 6.4 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | References: 4

CNNVD
added 2026/01/16 12:0 a.m. | 4 views

b2evolution CMS Cross-Site Request Forgery Vulnerability

b2evolution CMS is an open-source content management system by the b2evolution Group. Version 7.2.2 of b2evolution CMS has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow unauthorized users to modify administrator accoun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 5

CNNVD
added 2026/01/16 12:0 a.m. | 7 views

Schlix CMS cross-site scripting vulnerability

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...

CVSS 6.4 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/15 7:24 p.m. | 4 views

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVSS 5.4 | AI score 5.6 | EPSS 0.00194
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/15 7:24 p.m. | 5 views

CVE-2025-71165

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

CVSS 5.4 | AI score 5.7 | EPSS 0.00194
Exploits: 1 | References: 1

Github Security Blog
added 2026/01/15 6:31 p.m. | 14 views

Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | AI score 7 | EPSS 0.00343
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/15 6:31 p.m. | 4 views

GHSA-H66J-XM43-47PP Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | AI score 6.9 | EPSS 0.00343
Exploits: 1 | References: 5

OSV
added 2026/01/15 4:16 p.m. | 6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 5.3 | AI score 5.5
Exploits: 0 | References: 3

NVD
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | EPSS 0.00343
Exploits: 1 | References: 3

RedHat Linux
added 2026/01/15 4:5 p.m. | 3 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the RFC 3211 KEK Unwrap of the OpenSSL CMS implementation. This vulnerability allows memory corruption, an application-level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI)...

CVSS 7.5 | AI score 6 | EPSS 0.01744
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/15 3:52 p.m. | 6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | AI score 5.5 | EPSS 0.00343
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/01/15 3:52 p.m. | 7 views

EUVD-2026-2753

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

CVSS 6.9 | AI score 6.4 | EPSS 0.00343
Exploits: 1 | References: 5