31 matches found
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-8975
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
CVE-2025-8975 givanz Vvveb edit.tpl cross site scripting
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
CVE-2025-2491 Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is...
UJCMS Code Injection Vulnerability
UJCMS is a Java open source content management system from dromara open source. A code injection vulnerability exists in UJCMS version 9.7.5, which originates from cross-site scripting of the update function in the Edit Template File Page component and could lead to a remote attack...
PluXml Security Vulnerability
PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version v5.8.16 and earlier versions, which stems from a Remote Code Execution (RCE) vulnerability in the...
CVE-2022-28864
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
PT-2023-12956 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include JavaScript code. This code is then stored and...
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add arbitrary javascript payloads to the source...
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...
rConfig Security Vulnerability
rConfig is an open source web configuration management utility. rConfig version 3.9.6 contains a security vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php, which can be exploited by attackers to execute arbitrary code via specially crafted files...
CVE-2020-15277
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1...
Remote code execution
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1...
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Remote Code Execution (RCE). Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...
GHSA-6FMV-Q269-55CW Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Remote Code Execution (RCE). Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18326)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-template.php in Chadha PHPKB Standard Multi-Language version 9...