3861 matches found
CVE-2025-14801
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...
CVE-2025-14801
CVE-2025-14801 affects xiweicheng TMS up to 2.28.0, specifically the createComment function in /admin/blog/comment/create. The vulnerability arises from manipulation of the argument content, enabling cross-site scripting. Exploitation can be remote, and public PoC details exist. Multiple sources ...
CVE-2025-14801 xiweicheng TMS create createComment cross site scripting
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...
CVE-2025-14801 xiweicheng TMS create createComment cross site scripting
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...
AVideo 安全漏洞
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checks on endpoints, and could lead to authenticated users uploading comment images to other users'...
PT-2025-51889
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users. The ''/comment images'' endpoint validates authentication but does not verify...
TMS 代码注入漏洞
TMS is a channel-based team communication and collaboration + lightweight task dashboard by weicheng individual developers. A code injection vulnerability exists in TMS 2.28.0 and earlier versions, which stems from the incorrect operation of the parameter content in the file...
EUVD-2025-203408
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
CVE-2025-51962
CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...
CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...
Mattermost Server 10.5.x <= 10.5.12 / 10.11.x <= 10.11.4 / 10.12.x <= 10.12.1 / 11.0.x <= 11.0.2 Multiple Vulnerabilities (CVE-2025-12421, MMSA-2025-00526, CVE-2025-12756)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in CVE-2025-12421, MMSA-2025-00526 and CVE-2025-12756. - Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used...
编号撤回
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a misplaced exception handling table comment in clearuserrepgood, which could cause the kernel to crash...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
EUVD-2025-201262
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14011
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...
CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...
CVE-2025-14013
The CVE-2025-14013 entry affects JIZHICMS up to version 2.5.5, specifically the Comment Handler’s file /index.php/admins/Comment/addcomment.html. The issue is a cross-site scripting vulnerability caused by manipulation of the body parameter, with remote initiation possible and a public exploit av...