43682 matches found
CVE-2021-47834
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
CVE-2021-47834
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
CVE-2021-47834
CVE-2021-47834 — Schlix CMS 2.2.6-6 : A persistent cross-site scripting flaw exists that enables authenticated users to inject scripts into category titles by creating a new contact category, which then executes when pages are viewed by others. The issue is documented across multiple sources (NVD...
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
Vulnerabilities fixed in TYPO3 CMS
TYPO3 has fixed vulnerabilities in TYPO3 CMS Specific to certain versions. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...
Phpwcms security vulnerabilities
Phpwcms is an open-source content management system developed by Phpwcms. Version 1.9.30 of Phpwcms contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to upload malicious SVG files, which could lead to cross-site scripting attacks...
PT-2026-3289
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
b2evolution CMS Cross-Site Request Forgery Vulnerability
b2evolution CMS is a content management system open source by the b2evolution Group. Version 7.2.2 of b2evolution CMS has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow unauthorized users to modify administrator accoun...
Schlix CMS cross-site scripting vulnerability
Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...
CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
GHSA-H66J-XM43-47PP Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
EUVD-2026-2753
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...