Lucene search
K

37 matches found

OSV
OSV
added 2024/02/22 3:30 p.m.12 views

GHSA-38M8-5GFC-663G Enhavo Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.4CVSS5.2AI score0.00397EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/22 12:0 a.m.18 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.7AI score0.00397EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.6 views

PT-2024-21178 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the New/Edit Article module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. Recommendations: F...

5.4CVSS6AI score0.00397EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.12 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.2AI score0.00397EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.5 views

SUSE CVE-2013-4138

Cross-site scripting XSS vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...

2.1CVSS5.8AI score0.00931EPSS
Exploits0References3
OSV
OSV
added 2021/12/02 11:15 p.m.3 views

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

7.2CVSS5.8AI score0.01098EPSS
Exploits1References1
NVD
NVD
added 2021/12/02 11:15 p.m.21 views

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

7.2CVSS0.01098EPSS
Exploits1References1
Prion
Prion
added 2021/12/02 11:15 p.m.17 views

Sql injection

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

6.5CVSS7.3AI score0.01098EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/02 10:21 p.m.26 views

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

7.5AI score0.01098EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/13 12:0 a.m.1 views

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18325)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9. The...

4.8CVSS6AI score0.00611EPSS
Exploits1References1
NVD
NVD
added 2020/03/12 2:15 p.m.28 views

CVE-2020-10496

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...

4.3CVSS4.5AI score0.00485EPSS
Exploits1References2
OSV
OSV
added 2020/03/12 2:15 p.m.4 views

CVE-2020-10496

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...

4.3CVSS5.8AI score0.00485EPSS
Exploits1References2
OSV
OSV
added 2020/03/12 2:15 p.m.4 views

CVE-2020-10464

Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...

4.8CVSS5.9AI score0.00611EPSS
Exploits1References2
OSV
OSV
added 2020/03/12 2:15 p.m.3 views

CVE-2020-10401

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-article.php by adding a question mark ? followed by the payload...

4.8CVSS5.9AI score0.00733EPSS
Exploits3References2
CNVD
CNVD
added 2017/06/09 12:0 a.m.3 views

Xycms edit_article.php page id parameter has SQL injection vulnerability

XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. Xycms editarticle.php page id parameter has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database...

7.8AI score
Exploits0
NVD
NVD
added 2012/11/19 12:10 p.m.20 views

CVE-2012-5919

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS5.8AI score0.01822EPSS
Exploits1References6
Prion
Prion
added 2012/11/19 12:10 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS6.1AI score0.01822EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder