73 matches found
Multiple vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
EUVD-2020-30928
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...
Naviwebs Navigate CMS SQL Injection Vulnerability
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.7 of Naviwebs Navigate CMS, there is a SQL injection vulnerability. This vulnerability stems from the sidx parameter in the comments, which allows for SQL injections, potentially leadin...
webapp-fire
webapp-fire Vulnerable Flask app Mi...
EUVD-2015-8697
Malware in sbrugna...
EUVD-2019-6670
Malware in sbrugna...
EUVD-2018-8580
Malware in sbrugna...
CVE-2025-9710 Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments
The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...
EUVD-2022-15914
Malicious code in bioql PyPI...
CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...
CVE-2024-6704
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing...
CVE-2024-35539
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently...
CVE-2024-12767 BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...
CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
CVE-2025-24613 WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through = 0.3.5...
typecho 安全漏洞
typecho is a PHP blogging platform for typecho individual developers. It is simple and powerful. A security vulnerability exists in typecho 1.3.0 and earlier versions, which stems from a competitive condition vulnerability in the post comment feature that allows an attacker to post multiple...
Drupal Wiki Security Vulnerabilities
Drupal Wiki is a free and open source content management system from Drupal Wiki, Inc. A security vulnerability exists in Drupal Wiki versions prior to 8.31.1, which stems from allowing cross-site scripting XSS attacks via comments, titles, and image captions on Wiki pages...
PT-2024-23049 · WordPress · Fancy Comments
Name of the Vulnerable Software and Affected Versions: Fancy Comments WordPress versions 1.2.14 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
CVE-2023-33216
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9...