31 matches found
CVE-2026-5829
CVE-2026-5829 affects code-projects Simple IT Discussion Forum 1.0. The vulnerability is in an unknown function of /pages/content.php where the post_id parameter can be manipulated to perform SQL injection. Remote exploitation is possible and a public exploit has been disclosed. CVSS data provide...
EUVD-2018-4026
Malware in sbrugna...
EUVD-2023-3034
Malicious code in bioql PyPI...
CVE-2022-39975
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation...
CVE-2025-2625
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to SQL injection. It is possible to initiate the attack remotely. The exploit has be...
Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
Bulk operations allow authorized users to modify several nodes at once from the Content page /admin/content. A site builder can also add bulk operations to other pages using Views. A bug in the core Actions system allows some users to modify some fields using bulk actions that they do not have...
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Impact: Stored cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. Affected versions: Umbraco CMS = 8.00. Patches: This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer...
CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...
GHSA-V32M-PF9Q-P3XG Liferay Portal XSS with `p_l_back_url_title` on edit content page
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter...
CVE-2023-47797
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter...
PT-2023-30614 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.94 through 7.4.3.95. Description: A reflected cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter on a content page's edit page...
SQL Injection Vulnerability in Content Page
In the Content page menu, there is a SQL injection vulnerability in the Filter function. To exploit this vulnerability, an attacker injects a query into the filter field. Proof of Concept: 1. Login with admin. 2. Go to "http://127.0.0.1/icms2/admin/content/5". In this case, the number 5 is the content's id. Can be...
Liferay Portal Missing Authorization vulnerability
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation...
CVE-2022-39975
The CVE-2022-39975 issue affects Liferay Portal 7.3.3–7.4.3.34 and Liferay DXP 7.3 (pre-update 10) and 7.4 (pre-update 35). The root cause is missing authorization when previewing a Content Page, enabling an attacker to view unpublished Content Pages via URL manipulation. Exploitation details are...
GHSA-86PC-6MM8-542R Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. As per the Magento Release 2.3.3, if you have already implemented the pre-release versi...
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. As per the Magento Release 2.3.3, if you have already implemented the pre-release versi...