Lucene search
19 matches found

Drupal
added 2025/05/28 12:0 a.m., 18 views

etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074

The module adds the etracker web statistics tracking system to your website. The cookiesetracker submodule allows the inline JavaScript to be included in consent management. However, this does not adequately check whether the provided JavaScript code originates from authorized users. A potential...

CVSS 7.3, AI score 6.6, EPSS 0.00234
Exploits: 0, References: 2
OSV
added 2025/02/19 4:58 p.m., 3 views

DRUPAL-CORE-2025-002

Bulk operations allow authorized users to modify several nodes at once from the Content page /admin/content. A site builder can also add bulk operations to other pages using Views. A bug in the core Actions system allows some users to modify some fields using bulk actions that they do not have...

CVSS 4.6, AI score 6.6, EPSS 0.00272
Exploits: 0, References: 1
Snyk
added 2023/12/12 6:44 p.m., 2 views

Incorrect Authorization

Overview: UmbracoCms.Web is an ASP.NET CMS. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization mechanism. An attacker with only send for approval permissions could exploit this weakness to publish content without the required publish...

CVSS 4.3, AI score 6.9, EPSS 0.00408
Exploits: 0, References: 2
BDU FSTEC
added 2023/11/04 12:0 a.m., 6 views

The vulnerability of the CMS system Backdrop CMS, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the CMS system Backdrop CMS is related to the failure to take measures to protect the structure of a web page as a result of performing the “Publish” action in the “Content” section. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attack...

CVSS 4.9, AI score 5.3, EPSS 0.0196
Exploits: 1, References: 4, Affected Software: 1
Talos
added 2022/12/21 12:0 a.m., 43 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624. Ghost unauthorized newsletter modification vulnerability. December 21, 2022. CVE Number: CVE-2022-41654. Summary: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS 9.6, AI score 5, EPSS 0.18914
Exploits: 1
Fedora
added 2022/07/17 1:16 a.m., 18 views

[SECURITY] Fedora 35 Update: golang-github-theupdateframework-notary-0.7.0-6.fc35

The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...

CVSS 9.3, AI score 8.8, EPSS 0.05994
Exploits: 4
CNVD
added 2022/07/08 12:0 a.m., 26 views

PESCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...

CVSS 6.1, AI score 3, EPSS 0.00711
Exploits: 1, References: 1
CNNVD
added 2022/07/06 12:0 a.m., 5 views

PESCMS cross-site request forgery vulnerability

PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to delete the accounts of admin and other members...

CVSS 6.5, AI score 6.6, EPSS 0.0046
Exploits: 1, References: 4
CNVD
added 2022/05/23 12:0 a.m., 340 views

SPIP cross-site scripting vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...

CVSS 4.3, AI score 2.2, EPSS 0.01462
Exploits: 1, Affected Software: 1
Fedora
added 2022/04/28 5:55 a.m., 18 views

[SECURITY] Fedora 34 Update: golang-github-theupdateframework-notary-0.7.0-4.fc34

The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...

CVSS 7.5, AI score 9.9, EPSS 0.03931
Exploits: 0
CNVD
added 2022/01/28 12:0 a.m., 96 views

SPIP interfaces.php cross-site scripting vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP, which stems from a lack of proper validation of client-side data in the interfaces.php component of the WEB application. An attacker could exploit this vulnerability to execute client-side code...

CVSS 5.4, AI score 2.2, EPSS 0.00628
Exploits: 0, References: 1
CNVD
added 2021/05/25 12:0 a.m., 1 views

Dreamer CMS suffers from a directory traversal vulnerability

Dreamer CMS is the first content publishing system developed in Java, built on the popular Spring Boot + Thymeleaf framework; it is flexible, compact and simple to configure. Dreamer CMS has a directory traversal vulnerability that can be exploited by an...

AI score 7
Exploits: 0
CNVD
added 2019/09/18 12:0 a.m., 1 views

SPIP cross-site scripting vulnerability (CNVD-2019-32493)

SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. A cross-site scripting vulnerability exists in SPIP versions prior to 3.1.11 and 3.2.2 prior to 3.2.5, which can be exploited by an attacker to execute client-side code...

CVSS 6.1, AI score 8.4, EPSS 0.0116
Exploits: 0, References: 1
CNVD
added 2019/09/17 12:0 a.m., 1 views

SPIP Input Validation Error Vulnerability

SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. An input validation error vulnerability exists in SPIP versions prior to 3.1.11 and 3.2.2 prior to 3.2.5, which arises from a web-based system or product that does not properly validate incoming...

CVSS 6.1, AI score 8.8, EPSS 0.011
Exploits: 0, References: 1
Veracode
added 2017/11/20 5:42 a.m., 12 views

Cross-site Scripting (XSS)

symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize multiple parameters in the symphony/content/content.publish.php file. This allows an authenticated malicious user to inject and execute arbitrary webscript...

AI score 6.1
Exploits: 0
CNVD
added 2017/03/04 12:0 a.m., 2 views

File upload vulnerability in PHPCMS Content Publishing Management function module

PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. There is a file upload vulnerability in the PHPCMS content publishing...

AI score 7.3
Exploits: 0, References: 1
CNVD
added 2016/10/12 12:0 a.m., 4 views

SPIP Remote Code Execution Vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A remote code execution vulnerability exists in SPIP 3.1.2 and prior versions. An attacker could exploit this vulnerability to execute arbitrary code at an affected site...

CVSS 8.8, AI score 8.5, EPSS 0.13649
Exploits: 7, References: 1
RedHat Linux
added 2016/02/15 3:50 p.m., 24 views

Moderate: Red Hat Security Advisory: Satellite 6.1.7 security, bug and enhancement fix update

Updated Satellite 6.1 packages that fix one security issue, add one enhancement, and fix several bugs are available for Satellite 6.1.7. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 4.3, AI score 5.7, EPSS 0.01846
Exploits: 0, References: 12
ThreatPost
added 2011/01/26 6:41 p.m., 7 views

100 BitTorrent Users Do Most Illegal Sharing

BitTorrent, the peer to peer file sharing network, has gained a reputation for enabling the masses to share and distribute files. But when it comes to sharing copyrighted content, just 100 users are responsible for most of the content. The findings, published by academic researchers in Spain,...

AI score 0.3
Exploits: 0, References: 3