CVE-2025-71310

The CVE 2025-71310 affects the GDPR cookies module for Backdrop CMS (before 1.x-1.3.5). The vulnerability is an XSS risk triggered when a malicious value is supplied in the optional YouTube service’s Info content field, under the condition that an attacker has either the "Create a GDPR Cookies Se...

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

EUVD-2025-209927

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

Joomla! CMS 跨站脚本漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks through the "readmore" link in the comconte...

100xDevs CMS 安全漏洞

100xDevs CMS is an open-source content management system developed by code100x. There is a security vulnerability in 100xDevs CMS, which stems from an authentication bypass in the Mobile API. This vulnerability could allow unauthenticated attackers to impersonate any user by submitting specially...

Joomla! CMS 路径遍历漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a path traversal vulnerability, which stems from improper validation of search parameters in the commedia file API endpoints, potentially leading to path traversal attacks...

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. As a result, users with low privileges can edit the task types of existing scheduling programs...

PT-2026-43267

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

PT-2026-43451

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, via options in the model blueprints or via a combination of both settings. Kirby sites...

Backdrop CMS 安全漏洞

Backdrop CMS is an open-source content management system developed by Backdrop CMS. Versions of Backdrop CMS prior to 1.x-1.3.5 contained security vulnerabilities. These vulnerabilities stemmed from insufficient protection against cross-site scripting attacks. If optional information fields in th...

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is built using PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contain...

Joomla! CMS 跨站请求伪造漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site request forgeing vulnerability, which stems from the lack of CSRF token validation. This vulnerability may lead to cross-site request forgeing attacks at the comusers...

Joomla! CMS 安全漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. There is a security vulnerability in Joomla! CMS, which stems from the InputFilter::getInstance method omitting secure-sensitive parameters from the instance cache key...

Joomla! CMS 安全漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a security vulnerability, which stems from the password and username reset function creating plaintext HTTP links for HTTPS connections when a mandatory SSL flag is not set...

Joomla! CMS 访问控制错误漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a vulnerability related to access control, which stems from improper access checks. This vulnerability allows for privilege escalation through the comusers batch task...

Grav CMS 2.0.0-beta.2 - Remote Code Execution

Exploit Title: Grav CMS 'onPluginsInitialized', 0; public function onPluginsInitialized: void $shellpath = GRAVROOT . '/shell.php'; if !fileexists$shellpath fileputcontents$shellpath, '';...

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

Linux Distros Unpatched Vulnerability : CVE-2026-48832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. CVE-2026-48832 Note that Nessus relies on the presence of the...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CMS Made Simple CVE-2019-9053 Exploit Python 3 Python 3 com...

CVE-2023-54349

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...