128 matches found
CVE-2025-65186
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...
CVE-2025-66300 Grav is vulnerable to Arbitrary File Read
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...
CVE-2025-65012
Kirby CMS 5.0.0–5.1.3 contains a cross-site scripting (XSS) vulnerability in the Changes dialog. An attacker with authenticated Panel user access can corrupt a page title or username with a malicious string, then modify related content fields; when another authenticated user opens the dialog, the...
PT-2025-47416
Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...
Remote Code Execution Vulnerability in Vvveb
Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...
📄 Vvveb CMS 1.0.5 Remote Code Execution
Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...
EUVD-2007-1765
Malware in sbrugna...
CVE-2025-8120 Remote Code Execution via Unrestricted File Upload in PAD CMS
Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, b...
Polska Akademia Dostępności CMS 跨站请求伪造漏洞
Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A cross-site request forgery vulnerability exists in Polska Akademia Dostępności CMS, which stems from the reset password feature being vulnerable to cross-site request forgery...
The vulnerability of the MagicINFO 9 centralized multimedia content management system lies in the improper restriction on the path name to the restricted catalog. This allows a malicious actor to gain access and add arbitrary files.
The vulnerability of the MagicINFO 9 multi-media content centralized management system is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain access and add arbitrary files...
CVE-2024-30419
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
CVE-2021-26830
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...
Craft CMS 安全漏洞
Craft CMS is a content management system CMS from Craft CMS Open Source. A security vulnerability exists in Craft CMS versions prior to 4.14.13 and prior to 5.6.16, which stems from a Twig SSTI could lead to remote code execution...
JIZHICMS 安全漏洞
JIZHICMS Jizhi CMS is an open source content management system CMS from the Chinese company Jizhi JIZHI. A security vulnerability exists in JIZHICMS version 1.7.0 and prior versions, which stems from improper authorization...
Hoosk 安全漏洞
Hoosk is a lightweight content management system from the individual developers at Havok. A security vulnerability exists in Hoosk version 1.7.1, which stems from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the /install/index.php component...
The vulnerability of the Coffee CMS system’s Drupal module, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Coffee CMS system’s Drupal module is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...
CVE-2024-12482
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The...
Farmacia 注入漏洞
Farmacia is a content management system from code-projects. An injection vulnerability exists in code-projects Farmacia version 1.0, which stems from an SQL injection vulnerability contained in the id parameter of the /editar-cliente.php file...
Craft CMS 路径遍历漏洞
Craft CMS is a content management system CMS open source by Craft CMS. A path traversal vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.12.1 and 5.0.0-RC1 through 5.4.2, which stems from the lack of normalizePath in the FileHelper::absolutePath function, and can lead to remote code...
Pluck 安全漏洞
Pluck is a small and simple content management system written in PHP by Pluck CMS Open Source. A security vulnerability exists in Pluck version 4.7.18 that stems from not limiting failed login attempts, allowing an attacker to perform a brute force attack...