21 matches found
CVE-2026-26059
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
EUVD-2021-33122
Malicious code in bioql PyPI...
EUVD-2025-13405
Malicious code in bioql PyPI...
CVE-2025-4293
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-4293
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-4293
CVE-2025-4293 affects MRCMS 3.1.3, specifically the Group Edit Page component’s /admin/group/edit.do. The root cause is a cross-site scripting vulnerability in an unknown functionality of that endpoint, which can be exploited remotely. Public disclosure and available details indicate exploitation...
CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
PT-2025-19807 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.3. Description: A vulnerability was found in the Group Edit Page component, specifically affecting some unknown functionality of the file /admin/group/edit.do. This issue leads to cross-site scripting and can be exploited...
MRCMS Code Injection Vulnerability
MRCMS is a content management system by the individual developer of marker. A code injection vulnerability exists in MRCMS version 3.1.3, which originates from a cross-site scripting attack due to a misuse of the file /admin/group/edit.do...
CVE-2024-4592
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sysgroupedit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from China's Desdev Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...
PT-2023-24997 · Bloofox · Bloofox
Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2.1. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the gid parameter at the "admin/index.php?mode=user&page=groups&action=edit" endpoint. Recommendations: For...
CVE-2021-46446
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...
CVE-2021-46444
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admingroupedit&agID...
SQL injection
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...
CVE-2021-46446
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...
H.H.G. Multistore SQL Injection Vulnerability
H.H.G. Multistore is a software designed to manage multiple stores from the German company H.H.G. Multistore. A security vulnerability exists in H.H.G. Multistore v5.1.0 and below that allows an attacker to perform SQL injection via /admin/admin.php?module=admingroupedit&agID...
Bitweaver Cross-Site Scripting Vulnerability
Bitweaver is an open source content management system (CMS). A security vulnerability exists in Bitweaver version 3.1.0, which can be exploited by remote attackers to inject JavaScript via the user admin edit group.php URI...