2 matches found
CVE-2024-25876
Enhavo CMS v0.13.1’s Header module is vulnerable to Cross‑Site Scripting (XSS) via a crafted payload injected into the Title field. The root cause is inadequate sanitization of user-supplied input in Title, enabling execution of arbitrary scripts in the affected context. Public advisories and vul...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...