37 matches found
GHSA-38M8-5GFC-663G Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
CVE-2024-25874
A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
PT-2024-21178 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...
CVE-2024-25874
A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...
SUSE CVE-2013-4138
Cross-site scripting XSS vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
Sql injection
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18325)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9. The...
CVE-2020-10496
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...
CVE-2020-10496
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...
CVE-2020-10464
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10401
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-article.php by adding a question mark ? followed by the payload...
Xycms edit_article.php page id parameter has SQL injection vulnerability
XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. Xycms editarticle.php page id parameter has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database...
CVE-2012-5919
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...