200 matches found
CVE-2026-9626 JSON API User <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'content' Parameter
The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...
CVE-2026-9626
The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (
PT-2026-48171
A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice content parameter...
CVE-2026-36763
A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
CVE-2026-36761
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
EUVD-2020-31223
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2020-37222
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
EUVD-2026-28377
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
CVE-2026-36458
ChestnutCMS v1.5.10 is affected by a SQL injection in the cms_content tag: the content parameter can be manipulated in the admin backend and injected into a SQL query during template rendering. The issue is documented across NVD/EUVD/CVE sources with a high severity (CVSS v3.1: 9.8, Critical) and...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
PT-2026-38442
Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...
CVE-2026-36763
A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
CVE-2026-36763
A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
EUVD-2026-26394
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
CVE-2026-36763
A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
CVE-2026-36763
The CVE-2026-36763 entry describes a stored XSS in SpringBlade v4.8.0, exploitable via the /api/blade-desk/notice/submit endpoint by injecting crafted input into the content parameter. The NVD entry confirms the issue and lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, lo...
Code-Projects Simple IT Discussion Forum SQL注入漏洞
Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “content” in the file...