
2854 matches found

Cvelist
added 2024/10/28 12:0 a.m. | 14 views

CVE-2024-48291

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17...

EPSS: 0.0009 | Exploits: 1 | References: 1

Vulnrichment
added 2024/10/28 12:0 a.m. | 12 views

CVE-2024-48191

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17...

AI score: 7.5 | EPSS: 0.00088 | Exploits: 1 | References: 1

OSV
added 2024/10/22 6:13 p.m. | 12 views

GHSA-WXW9-6PV9-C3XC Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact During an explicit sign-out, the server session is not fully terminated...

CVSS: 4.2 | AI score: 4.4 | EPSS: 0.00659 | Exploits: 0 | References: 3

NVD
added 2024/10/22 4:15 p.m. | 17 views

CVE-2024-48929

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

CVSS: 4.2 | EPSS: 0.00659 | Exploits: 0 | References: 1

Cvelist
added 2024/10/22 3:54 p.m. | 23 views

CVE-2024-48929 Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

CVSS: 4.2 | EPSS: 0.00659 | Exploits: 0 | References: 1

OSV
added 2024/10/22 3:54 p.m. | 24 views

CVE-2024-48929 Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

CVSS: 4.2 | AI score: 6.5 | EPSS: 0.00659 | Exploits: 0 | References: 3

OSV
added 2024/10/22 3:50 p.m. | 22 views

CVE-2024-48927 Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

CVSS: 4.6 | AI score: 7.8 | EPSS: 0.02013 | Exploits: 0 | References: 3

Vulnrichment
added 2024/10/16 12:0 a.m. | 12 views

CVE-2024-46213

REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability...

AI score: 8.3 | EPSS: 0.01982 | Exploits: 1 | References: 1

Packet Storm
added 2024/10/08 12:0 a.m. | 316 views

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

AI score: 7.4 | Exploits: 0

CVE
added 2024/10/03 2:18 p.m. | 54 views

CVE-2024-47618

Sulu is a PHP content management system vulnerable to cross-site scripting (XSS) via uploaded SVG files. The issue allows a low-privilege user with access to the Media section to upload an SVG containing malicious payload, which executes in other users’ browsers when accessed. The vulnerability i...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.01613 | Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/10/02 12:0 a.m. | 15 views

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...

EPSS: 0.01877 | Exploits: 0 | References: 1

Cvelist
added 2024/10/01 12:0 a.m. | 17 views

CVE-2024-31835

Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter...

EPSS: 0.23148 | Exploits: 1 | References: 2

NVD
added 2024/09/17 8:15 p.m. | 18 views

CVE-2024-45604

Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...

CVSS: 4.3 | EPSS: 0.00747 | Exploits: 0 | References: 2

CVE
added 2024/09/17 7:56 p.m. | 53 views

CVE-2024-45604

The CVE-2024-45604 entry describes a directory traversal vulnerability in Contao's back-end FileSelector widget, allowing authenticated backend users to list files outside the document root. Affected software is Contao core-bundle; the root cause is insufficient validation of file paths in the Fi...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00747 | Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/09/17 7:56 p.m. | 13 views

CVE-2024-45398 Remote command execution through file upload in contao/core-bundle

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...

CVSS: 8.3 | AI score: 8.6 | EPSS: 0.00211 | Exploits: 0 | References: 4

OSV
added 2024/09/13 9:52 p.m. | 11 views

GO-2024-3125 Gouniverse GoLang CMS vulnerable to Cross-site Scripting in github.com/gouniverse/cms

Gouniverse GoLang CMS vulnerable to Cross-site Scripting in github.com/gouniverse/cms...

CVSS: 6.1 | AI score: 4.8 | EPSS: 0.00261 | Exploits: 0 | References: 9

NVD
added 2024/09/03 7:15 p.m. | 12 views

CVE-2024-43413

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

CVSS: 4.8 | EPSS: 0.00559 | Exploits: 0 | References: 2

OSV
added 2024/09/03 6:52 p.m. | 13 views

CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.00559 | Exploits: 0 | References: 4

CVE
added 2024/09/03 4:52 p.m. | 55 views

CVE-2024-43412

CVE-2024-43412 – Xibo CMS XSS in file preview (prior to 4.1.0). The vulnerability allows an authorized user to execute arbitrary JavaScript by previewing HTML/CSS/JS files uploaded to the Library via the Generic File module, which is referenced in Displays and Layouts. The issue arises from how ...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00832 | Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/09/03 4:52 p.m. | 14 views

CVE-2024-43412 Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...

CVSS: 4.6 | AI score: 6.7 | EPSS: 0.00832 | Exploits: 0 | References: 4