30 matches found
CVE-2026-10284
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
EUVD-2026-33752
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
CVE-2026-10284
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
Project Management Authorization Vulnerabilities
Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
EUVD-2026-5437
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
CVE-2026-21393
Movable Type CVE-2026-21393 is a stored cross-site scripting vulnerability in the Edit Comment feature. A crafted input stored by an attacker can cause arbitrary script execution in a logged-in user’s browser. Affected: Movable Type 7.x and 8.4.x (including EOL series). Root cause: stored XSS in ...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
PT-2026-6098
Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The...
EUVD-2006-0329
Malware in sbrugna...
SUSE CVE-2006-0322
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service infinite loop via "certain malformed links."...
CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18334)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language version 9...
PT-2020-12137 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to inject arbitrary web script or HTML via the GET parameter p in the admin/edit-comment.php file. This enables attackers to perform a Reflected XSS attack...
Cross site scripting
Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...