PT-2026-20789

Name of the Vulnerable Software and Affected Versions LibreNMS versions 26.1.1 and below Description LibreNMS is a network monitoring tool. A stored cross-site scripting XSS issue exists due to insufficient sanitization of the port group name. An attacker with administrator privileges can inject...

CMSimple Cross-Site Scripting Vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...

CVE-2021-47733

CMSimple 5.4 is affected by a cross-site scripting vulnerability that bypasses input filtering by HTML Unicode encoding. The vulnerability arises because the application does not effectively neutralize HTML Unicode encoding when processing user input, enabling an attacker to inject arbitrary Java...

CVE-2021-47733 CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

PT-2025-52833

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description The software contains a cross-site scripting issue that allows attackers to bypass input filtering. This is achieved by using HTML to Unicode encoding, enabling the injection of malicious scripts. Attackers can...

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization on the Service template name which is reflecting in delete button onclick event. This allows malicious javascript code to be stored and executed...

GHSA-72M9-7C8X-PMMW LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code. Vulnerable Code...

LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS

Summary There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code. Vulnerable Code...

The Citrix Workspace app cannot be reset via the command line

When installed by specifying an account Store URL from the command line, the Citrix Workspace app cannot be reset via the following command from the CLI. And the Delete button on the "Account-Edit" screen becomes inactive so that the account cannot be deleted. "C:\Program Files x86\Citrix\ICA...

Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...

Design/Logic Flaw

GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...

Event Manager Admin panel - events_new.php SQL injection

Event Manager Admin panel - eventsnew.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

Envoy: Delete visitor from IPAD with fullname which contains JS results XSS

Hi, Update visitor from IPAD with fullname of alert1 and save. IGNORE THE POP UP, IT HAS BEEN REPORTED ALREADY Delete this user, XSS will pop up, the fullname is now stored XSS. Any visitor which using the IPAD application can create stored XSS which will be activate once you clicked on the delet...