37 matches found
CVE-2026-32731
ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...
CVE-2026-32731
CVE-2026-32731 affects ApostropheCMS via the @apostrophecms/import-export gzip extractor. The extract(filepath, exportPath) uses fs.createWriteStream(path.join(exportPath, header.name)) without sanitising path traversal, allowing Zip Slip if a crafted .tar.gz is uploaded by a user with Global Con...
PT-2026-26159
Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...
EUVD-2017-11097
Malware in sbrugna...
EUVD-2023-48240
Malicious code in bioql PyPI...
CVE-2017-20090
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
Access Limitless Global Content: How Residential Proxies Enable It
By Uzair Amir Residential proxies bypass geo-restrictions, unlocking global content & websites. Enjoy unrestricted browsing, enhanced privacy, and a world of opportunity for business and personal use. Explore residential proxies today! This is a post from HackRead.com Read the original post: Acce...
RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05346)
RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code via a specially crafted payload in Global Content Blocks in the Administration Menu...
CVE-2023-43879
Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
CVE-2023-43879
Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
Cross site scripting
Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
CVE-2023-43879
Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is a website CMS. A cross-site scripting vulnerability exists in RiteCMS version 3.0. An attacker can exploit this vulnerability to execute arbitrary code in Global Content Blocks in the Administration Menu via a specially crafted payload...
PT-2023-29024 · Ritecms · Ritecms
Name of the Vulnerable Software and Affected Versions: Rite CMS version 3.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. This is a Cross-Site scripting XSS issue. Recommendations: For Rite CMS...
CVE-2023-43879
Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
CVE-2023-43879
Summary: CVE-2023-43879 affects RiteCMS 3.0 with a Cross-Site Scripting (XSS) flaw that allows an attacker to run arbitrary code via a crafted payload in the Global Content Blocks within the Administration Menu. The vulnerability is consistently described across multiple connected sources. What’s...
CVE-2017-20090
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
Cross site request forgery (csrf)
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...
CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...