8 matches found
Cross-site Scripting (XSS)
Overview FluentCMS.Web.UI is a FluentCMS Web UI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Add Page process. An attacker can execute arbitrary JavaScript code in the context of an administrator's session by injecting malicious script tags into the section...
CVE-2025-66492
Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...
EUVD-2025-203028
Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...
CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter
Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...
CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter
Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...
CVE-2025-66492
CVE-2025-66492 – Masa CMS : Multiple Masa CMS releases are vulnerable to XSS when an unsanitized value from the ajax URL query parameter is injected into the HTML head. Affected versions include 7.2.8 and earlier, 7.3.1–7.3.13, 7.4.0-alpha.1–7.4.8, and 7.5.0–7.5.1. The issue allows execution of a...
PT-2025-50881
Name of the Vulnerable Software and Affected Versions Masa CMS versions 7.2.8 and below Masa CMS versions 7.3.1 through 7.3.13 Masa CMS versions 7.4.0-alpha.1 through 7.4.8 Masa CMS versions 7.5.0 through 7.5.1 Description Masa CMS, an open source Enterprise Content Management platform, is...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...