EUVD-2020-16431

Malware in sbrugna...

EUVD-2017-4350

Malware in sbrugna...

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

CVE-2020-23689

In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page...

CVE-2024-25837

A stored cross-site scripting XSS vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section...

PT-2024-21149 · Octobercms · October Cms Bloghub Plugin

Name of the Vulnerable Software and Affected Versions: October CMS Bloghub Plugin versions 1.3.8 and lower Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section. This can lead to the execution...

CVE-2024-25837

A stored cross-site scripting XSS vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section...

CVE-2024-25837

CVE-2024-25837 — Summary (concrete details from connected docs): The vulnerability is a stored XSS in the October CMS Bloghub Plugin, affecting versions 1.3.8 and earlier. The XSS occurs via a crafted payload in the Comments section, enabling execution of arbitrary web scripts or HTML in the vict...

Captcha Bypass allows sending unlimited Comments

Hello, I identified a CAPTCHA Bypass after trying many Posts in the Comments Section. Lets see : --------- sent successfully! let's see the comments Comments are available The Question Form is also vulnerable for Captcha Bypass please check it also too. Thank you...

Haraj Cross-Site Scripting Vulnerability

A security vulnerability exists in Haraj v3.7, a buying and selling platform from Haraj Saudi Arabia, due to a cross-site scripting issue in the comments section of advertisements. An attacker could exploit the vulnerability to execute arbitrary Web script or HTML via a crafted POST request...

GHSA-X78V-4FVJ-RG9J Camaleon CMS Stored Cross-site Scripting vulnerability

In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious...

Camaleon CMS Stored Cross-site Scripting vulnerability

In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious...

Camaleon CMS Stored Cross-site Scripting vulnerability

In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious...

CVE-2021-25969

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment...

CVE-2021-25969 Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment...

CVE-2021-25969 Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment...

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

PT-2021-10564 · Ukcms · Ukcms

Name of the Vulnerable Software and Affected Versions: UK CMS version 1.1.10 Description: A stored cross site scripting XSS vulnerability in "index.php/legend/6.html" of UK CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. Recommendations...

Embed Video Scripts - Persistent Cross-Site Scripting

Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...