Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.7 views

CVE-2026-32731

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

9.9CVSS5.7AI score0.00432EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 10:3 p.m.15 views

CVE-2026-32731

CVE-2026-32731 affects ApostropheCMS via the @apostrophecms/import-export gzip extractor. The extract(filepath, exportPath) uses fs.createWriteStream(path.join(exportPath, header.name)) without sanitising path traversal, allowing Zip Slip if a crafted .tar.gz is uploaded by a user with Global Con...

9.9CVSS5.6AI score0.00432EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26159

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

9.9CVSS5.8AI score0.00432EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-11097

Malware in sbrugna...

8.8CVSS8.6AI score0.00557EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-48240

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.00486EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:55 a.m.9 views

CVE-2017-20090

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...

8.8CVSS6.8AI score0.00557EPSS
Exploits1References1
HackRead
HackRead
added 2024/04/17 1:10 p.m.20 views

Access Limitless Global Content: How Residential Proxies Enable It

By Uzair Amir Residential proxies bypass geo-restrictions, unlocking global content & websites. Enjoy unrestricted browsing, enhanced privacy, and a world of opportunity for business and personal use. Explore residential proxies today! This is a post from HackRead.com Read the original post: Acce...

7.4AI score
Exploits0
CNVD
CNVD
added 2023/10/13 12:0 a.m.5 views

RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05346)

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code via a specially crafted payload in Global Content Blocks in the Administration Menu...

4.8CVSS6.1AI score0.00486EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/28 3:15 p.m.4 views

CVE-2023-43879

Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

4.8CVSS6.3AI score0.00486EPSS
Exploits1References2
NVD
NVD
added 2023/09/28 3:15 p.m.15 views

CVE-2023-43879

Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

4.8CVSS5.1AI score0.00486EPSS
Exploits1References1
Prion
Prion
added 2023/09/28 3:15 p.m.28 views

Cross site scripting

Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

4.3CVSS5.2AI score0.00486EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/28 12:0 a.m.18 views

CVE-2023-43879

Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

6.3AI score0.00486EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/28 12:0 a.m.5 views

RiteCMS Cross-Site Scripting Vulnerability

RiteCMS is a website CMS. A cross-site scripting vulnerability exists in RiteCMS version 3.0. An attacker can exploit this vulnerability to execute arbitrary code in Global Content Blocks in the Administration Menu via a specially crafted payload...

4.8CVSS6.8AI score0.00486EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.6 views

PT-2023-29024 · Ritecms · Ritecms

Name of the Vulnerable Software and Affected Versions: Rite CMS version 3.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. This is a Cross-Site scripting XSS issue. Recommendations: For Rite CMS...

4.8CVSS6.8AI score0.00486EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/09/28 12:0 a.m.20 views

CVE-2023-43879

Rite CMS 3.0 has a Cross-Site scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

5.4AI score0.00486EPSS
Exploits1References1
CVE
CVE
added 2023/09/28 12:0 a.m.110 views

CVE-2023-43879

Summary: CVE-2023-43879 affects RiteCMS 3.0 with a Cross-Site Scripting (XSS) flaw that allows an attacker to run arbitrary code via a crafted payload in the Global Content Blocks within the Administration Menu. The vulnerability is consistently described across multiple connected sources. What’s...

4.8CVSS5.1AI score0.00486EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/06/23 5:15 a.m.10 views

CVE-2017-20090

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...

8.8CVSS0.00557EPSS
Exploits1References2
Prion
Prion
added 2022/06/23 5:15 a.m.15 views

Cross site request forgery (csrf)

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...

6.8CVSS8.5AI score0.00557EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/23 4:20 a.m.7 views

CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...

4.3CVSS7AI score0.00557EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/06/23 4:20 a.m.20 views

CVE-2017-20090 Global Content Blocks Plugin cross-site request forgery

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely...

4.3CVSS8.6AI score0.00557EPSS
Exploits1References2
Rows per page
Query Builder