
57 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. · 5 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 1

NVD
added 2026/05/22 10:16 p.m. · 7 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVSS 8.7 · EPSS 0.00055
Exploits 0 · References 3

ATTACKERKB
added 2026/05/22 9:45 p.m. · 3 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 4 · Affected Software 1

CVE
added 2026/05/22 9:45 p.m. · 18 views

CVE-2026-41147

CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 3

Cvelist
added 2026/05/22 9:45 p.m. · 6 views

CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVSS 8.7 · EPSS 0.00055
Exploits 0 · References 3

OSV
added 2026/05/15 4:45 p.m. · 2 views

GHSA-64RR-PP78-62WW NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 4

CVE
added 2026/03/24 11:27 a.m. · 4 views

CVE-2019-25642

Bootstrapy CMS is affected by multiple SQL injection vulnerabilities that enable unauthenticated attackers to execute arbitrary SQL via POST parameters. Specifically, the thread_id parameter in forum-thread.php, the subject parameter in contact-submit.php, the post-id parameter in post-new-submit...

CVSS 8.8 · AI score 6.3 · EPSS 0.00121
Exploits 0 · References 3

Vulnrichment
added 2026/03/24 11:27 a.m. · 1 views

CVE-2019-25642 Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...

CVSS 8.8 · AI score 6.3 · EPSS 0.00121
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2009-4337

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00246
Exploits 1 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-3725

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00225
Exploits 2 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2009-2372

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00357
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2015-6744

Malware in sbrugna...

CVSS 2.1 · AI score 6.4 · EPSS 0.00209
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 9:32 a.m. · 3 views

CVE-2015-6807

Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label...

CVSS 2.1 · AI score 5.5 · EPSS 0.00209
Exploits 0 · References 1

Positive Technologies
added 2024/05/22 12:0 a.m. · 2 views

PT-2024-10347 · Drupal · Email Contact

Name of the Vulnerable Software and Affected Versions: Email Contact versions 0.0.0 through 2.0.4
Description: The issue is related to insufficient granularity of access control in the Email Contact module for Drupal, allowing forceful browsing. This can be exploited by a remote attacker to bypas...

CVSS 7.8 · AI score 7 · EPSS 0.00304
Exploits 0 · References 6

Huntr
added 2023/03/24 7:29 p.m. · 18 views

Cross site scripting on contact module

Step to reproduce
1. Open into https://demo.corebos.com and navigate to settings Users.
2. Add XSS payload into Entity Name.
3. Now navigate to contact Create contact Add contact and click on more information click add opportunity.
4. On Assign to drop menu select XSS payload and save.
XSS Payloa...

CVSS 4.9 · AI score 6.1 · EPSS 0.00332
Exploits 1

OSV
added 2019/10/14 9:12 p.m. · 13 views

GHSA-RFH8-25H9-MHGF Cross-site Scripting in YII2-CMS

YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html...

CVSS 6.1 · AI score 5.8 · EPSS 0.0024
Exploits 1 · References 3

exploitpack
added 2019/03/21 12:0 a.m. · 22 views

Bootstrapy CMS - Multiple SQL Injection

Bootstrapy CMS - Multiple SQL Injection
Exploit Title: Bootstrapy CMS - Multiple SQL Injection
Date: 21.03.2019
Exploit Author: Ahmet Ümit BAYRAM
Vendor Homepage: http://bootstrapy.com
Demo Site: http://bootstrapy.net/demo/
Version: Lastest
Tested on: Kali Linux
CVE: N/A
----- PoC 1: SQLi -----...

AI score 0.7
Exploits 0

Openbugbounty
added 2018/06/06 3:4 a.m. · 8 views

efakturcsv.ortax.org XSS vulnerability

Open Bug Bounty ID: OBB-627857

Description | Value
---|---
Affected Website: | efakturcsv.ortax.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits 0

Prion
added 2015/09/04 3:59 p.m. · 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label...

CVSS 2.1 · AI score 5.7 · EPSS 0.00209
Exploits 0 · References 3 · Affected Software 1

CVE
added 2015/09/04 3:0 p.m. · 39 views

CVE-2015-6807

CVE-2015-6807 affects the Drupal Mass Contact contributed module (versions 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1). The vulnerability is a cross-site scripting (XSS) flaw that allows remote authenticated users who have the "administer mass contact" permission to inject arbitrary script...

CVSS 2.1 · AI score 5.4 · EPSS 0.00209
Exploits 0 · References 3 · Affected Software 1