3 matches found
PT-2025-52836
Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.7.4 Description The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...
CVE-2025-30148
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...
CVE-2025-30148
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...