14 matches found
FoxCMS Cross-Site Scripting Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.2.16 and earlier versions contain a cross-site scripting vulnerability. The vulnerability stems from the Title parameter of the file app/admin/controller/Product.php on the user-provided data...
EUVD-2011-3664
Malware in sbrugna...
CVE-2025-11306 qianfox FoxCMS Search cross site scripting
A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could...
EUVD-2025-26630
Malicious code in bioql PyPI...
CVE-2025-55420
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...
CVE-2025-5155
A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...
CVE-2011-3705
Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files...
CVE-2011-3705
Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files...
Information disclosure
Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files...
CVE-2011-3705
Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files...
CVE-2011-3705
CVE-2011-3705 affects Arctic Fox CMS 0.9.4. The affected component is PHP files (notably acp/includes/edit.inc.php and similar), where a direct request to a PHP file can cause an error message that reveals the installation path, enabling information disclosure. The abuse is a remote attack that does n...
HTB22833: Information Disclosure in Arctic Fox CMS
Vulnerability ID: HTB22833 Reference: http://www.htbridge.ch/advisory/informationdisclosureinarcticfoxcms.html Product: Arctic Fox CMS Vendor: Michael Armbruster http://sourceforge.net/projects/arcticfox/ Vulnerable Version: 0.9.4 and probably prior versions Vendor Notification: 01 February 2011...
Arctic Fox CMS 0.9.4 Information Disclosure
Vulnerability ID: HTB22833 Reference: http://www.htbridge.ch/advisory/informationdisclosureinarcticfoxcms.html Product: Arctic Fox CMS Vendor: Michael Armbruster http://sourceforge.net/projects/arcticfox/ Vulnerable Version: 0.9.4 and probably prior versions Vendor Notification: 01 February 2011...
Information Disclosure Vulnerability in Arctic Fox CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Arctic Fox CMS which could be exploited to disclose potentially sensitive information. 1 Information disclosure vulnerability in Arctic Fox CMS The vulnerability exists due to insufficient handling of error messages in th...