Lucene search
+L

11 matches found

nvd
nvd
added 2026/07/01 10:16 p.m.6 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
cve
cve
added 2026/07/01 9:57 p.m.16 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/01 9:57 p.m.33 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 9:57 p.m.7 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.6 views

PT-2026-54861

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.22 Description A stored cross-site scripting issue exists where a user with author-level control panel permissions can embed a malicious JavaScript payload within an entry title. The execution occurs wh...

5.9CVSS6AI score0.00412EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-3314

Malware in sbrugna...

2.6CVSS6.1AI score0.02389EPSS
Exploits1References13
github
github
added 2022/05/14 1:20 a.m.21 views

Craft CMS Cross-site Scripting (XSS) Vulnerability

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab...

4.8CVSS5.8AI score0.03702EPSS
Exploits5References5Affected Software1
nvd
nvd
added 2005/05/02 4:0 a.m.20 views

CVE-2005-1309

Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...

4.3CVSS5AI score0.0125EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2005/05/02 4:0 a.m.29 views

CVE-2005-1309

Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...

4.3CVSS6AI score0.0125EPSS
Exploits1References1
cve
cve
added 2005/04/27 4:0 a.m.46 views

CVE-2005-1309

CVE-2005-1309 is an XSS vulnerability in bBlog 0.7.4 that allows remote attackers to inject arbitrary script or HTML via the entry title field or the comment body text. The weakness is confirmed in multiple sources (NVD entry with CVSSv2 base score 4.3, MEDIUM) and is echoed across related adviso...

4.3CVSS5AI score0.0125EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2005/04/27 4:0 a.m.21 views

CVE-2005-1309

Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...

5AI score0.0125EPSS
Exploits1References4
Rows per page
Query Builder