19 matches found

Veracode
added 2024/07/18 6:15 a.m., 11 views

Template Injection

github.com/requarks/wiki is vulnerable to Template injection. The vulnerability is due to improper sanitization of user inputs, allowing attackers to inject malicious JavaScript into the content section of pages. Attackers can exploit this by inserting an invalid HTML tag with a template injectio...

7.1 CVSS, 7 AI score, 0.00234 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/05/20 9:59 p.m., 83 views

CVE-2024-34710

CVE-2024-34710 affects Wiki.js (Node.js-based wiki app). The issue is a Client-Side Template Injection that enables an attacker to inject malicious JavaScript into page content, triggering when a victim loads the page containing the payload. Root cause: improper sanitization via an invalid HTML t...

7.1 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits: 0, References: 2

OSV
added 2024/05/20 9:59 p.m., 14 views

CVE-2024-34710 Wiki.js Stored XSS through Client Side Template Injection

Wiki.js is a wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection ...

7.1 CVSS, 6.9 AI score, 0.00234 EPSS
Exploits: 0, References: 4

CNNVD
added 2024/05/20 12:0 a.m., 1 view

Wiki.js Security Vulnerability

Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in the JavaScript language. A security vulnerability exists in Wiki.js versions prior to 2.5.303, which stems from a vulnerability that allows an attacker to inject malicious JavaScript into the...

7.1 CVSS, 6.4 AI score, 0.00234 EPSS
Exploits: 0, References: 3

NVD
added 2023/12/02 7:15 p.m., 7 views

CVE-2023-6472

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

4.8 CVSS, 0.00064 EPSS
Exploits: 1, References: 3

OSV
added 2023/12/02 7:15 p.m., 1 view

CVE-2023-6472

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

4.8 CVSS, 3.7 AI score
Exploits: 0, References: 3

Prion
added 2023/12/02 7:15 p.m., 10 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

3.3 CVSS, 6.5 AI score, 0.00064 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/12/02 6:31 p.m., 20 views

CVE-2023-6472 PHPEMS Content Section api.cls.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

3.3 CVSS, 5.2 AI score, 0.00064 EPSS
Exploits: 1, References: 3

CVE
added 2023/12/02 6:31 p.m., 34 views

CVE-2023-6472

PHPEMS 7.0 contains a Cross-Site Scripting (XSS) flaw in the Content Section Handler, specifically in the file app\content\cls\api.cls.php. The issue is executable remotely and the exploit has been disclosed publicly, with multiple sources confirming the affected component and path. Practical imp...

4.8 CVSS, 4.3 AI score, 0.00064 EPSS
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2023/12/02 12:0 a.m., 2 views

PHPEMS Cross-Site Scripting Vulnerability

PHPEMS is a PHP online practice exam system. A cross-site scripting vulnerability exists in PHPEMS version 7.0, which stems from a cross-site scripting (XSS) vulnerability in the component Content Section Handler...

4.8 CVSS, 5.9 AI score, 0.00064 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2023/12/02 12:0 a.m., 2 views

PT-2023-32681 · Phpems · Phpems

Name of the Vulnerable Software and Affected Versions: PHPEMS version 7.0 Description: A problematic issue has been found in the Content Section Handler component, specifically affecting the file app\content\cls\api.cls.php. This issue leads to cross-site scripting and can be initiated remotely. The...

4.8 CVSS, 6.4 AI score, 0.00064 EPSS
Exploits: 1, References: 6

Prion
added 2023/10/30 5:15 p.m., 17 views

Information disclosure

In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7 CVSS, 5.6 AI score, 0.00011 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/02/17 2:32 p.m., 9 views

CVE-2021-25779

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page...

10 AI score, 0.00264 EPSS
Exploits: 1, References: 1

OSV
added 2019/08/20 5:15 a.m., 1 view

CVE-2019-15227

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...

6.1 CVSS, 6.4 AI score
Exploits: 0, References: 1

Prion
added 2018/04/16 9:58 a.m., 13 views

Cross site scripting

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...

3.5 CVSS, 4.7 AI score, 0.00286 EPSS
Exploits: 5, References: 2, Affected Software: 1

Prion
added 2018/03/07 3:29 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note...

3.5 CVSS, 5.6 AI score, 0.00138 EPSS
Exploits: 3, References: 2, Affected Software: 1

NVD
added 2018/03/07 3:29 p.m., 7 views

CVE-2014-8780

Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note...

5.4 CVSS, 5.1 AI score, 0.00138 EPSS
Exploits: 3, References: 2

Cvelist
added 2018/03/07 3:0 p.m., 12 views

CVE-2014-8780

Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note...

5.1 AI score, 0.00138 EPSS
Exploits: 3, References: 2

Prion
added 2006/03/07 11:2 a.m., 16 views

Design/Logic Flaw

Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content...

5 CVSS, 7.3 AI score, 0.00011 EPSS
Exploits: 0, References: 5, Affected Software: 1