11 matches found
CVE-2026-55793
Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...
CVE-2026-55793
Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...
CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view
Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...
CVE-2026-55793
Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...
PT-2026-54861
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.22 Description A stored cross-site scripting issue exists where a user with author-level control panel permissions can embed a malicious JavaScript payload within an entry title. The execution occurs wh...
EUVD-2008-3314
Malware in sbrugna...
Craft CMS Cross-site Scripting (XSS) Vulnerability
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab...
CVE-2005-1309
Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...
CVE-2005-1309
Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...
CVE-2005-1309
CVE-2005-1309 is an XSS vulnerability in bBlog 0.7.4 that allows remote attackers to inject arbitrary script or HTML via the entry title field or the comment body text. The weakness is confirmed in multiple sources (NVD entry with CVSSv2 base score 4.3, MEDIUM) and is echoed across related adviso...
CVE-2005-1309
Cross-site scripting XSS vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the 1 entry title field or 2 comment body text...