
93 matches found

OSV
added 2026/02/11 4:53 p.m. (3 views)

DRUPAL-CONTRIB-2026-009

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00041
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/11 12:0 a.m. (2 views)

PT-2026-7807

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

AI score 5.5 | EPSS 0.00041
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/07 9:12 a.m. (3 views)

CVE-2024-2666

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 1

OSV
added 2025/12/23 8:15 p.m. (2 views)

CVE-2021-47736

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVSS 7.2 | AI score 8.3
Exploits: 0 | References: 3

NVD
added 2025/12/23 8:15 p.m. (1 view)

CVE-2021-47736

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVSS 8.6 | EPSS 0.01061
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/23 7:34 p.m. (2 views)

CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVSS 8.6 | AI score 8 | EPSS 0.01061
Exploits: 1 | References: 3

Cvelist
added 2025/12/23 7:34 p.m. (19 views)

CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVSS 8.6 | EPSS 0.01061
Exploits: 1 | References: 3

CVE
added 2025/12/23 7:34 p.m. (10 views)

CVE-2021-47736

CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...

CVSS 8.6 | AI score 8 | EPSS 0.01061
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2025/12/23 12:0 a.m. (2 views)

CMSimple_XH Code Injection Vulnerability

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...

CVSS 8.6 | AI score 6.4 | EPSS 0.01061
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/23 12:0 a.m. (3 views)

PT-2025-52836

Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.4. Description: The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...

CVSS 8.8 | AI score 8 | EPSS 0.01061
Exploits: 1 | References: 6

OSV
added 2025/12/15 6:30 p.m. (4 views)

GHSA-MH85-44C2-3M97 Grav is vulnerable to Stored XSS through authenticated user-edited content

Grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

CVSS 5.4 | AI score 5.4 | EPSS 0.00026
Exploits: 1 | References: 3

Cvelist
added 2025/12/15 12:0 a.m. (23 views)

CVE-2025-66843

Grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

EPSS 0.00026
Exploits: 1 | References: 1

Veracode
added 2025/12/13 5:25 a.m. (3 views)

Improper Access Control

dnn.platform is vulnerable to improper access control. The vulnerability is due to the default HTML editing configuration allowing unauthenticated file uploads, which allows an attacker to upload arbitrary files and potentially leverage them for further compromise...

CVSS 4.3 | AI score 5.9 | EPSS 0.00111
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2025/12/02 12:0 a.m. (7 views)

CVE-2025-65186

Summary (CVE-2025-65186): Grav CMS 1.7.49 is reported vulnerable to Cross Site Scripting (XSS) via the page editor. The Markdown editor does not adequately sanitize script tags, enabling stored XSS payloads that execute when pages are viewed in the admin interface. Affected component: the admin/p...

CVSS 6.1 | AI score 5.4 | EPSS 0.00033
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/10/27 12:0 a.m. (1 view)

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.9 | AI score 6.5 | EPSS 0.00057
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2008-1729

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.00862
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2020-23939

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00275
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2019-8520

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0033
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2006-7196

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.00195
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2020-17568

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00634
Exploits: 3 | References: 6