GHSA-676V-WH57-P375 Dolibarr Allows Code Injection through its Website Module
In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-31018
In Dolibarr ERP & CRM <= 22.0.4, the Website module’s PHP code detection and editing permission enforcement is not consistently applied to all input parameters. This allows an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website ...
CVE-2025-62802
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...
EUVD-2020-12441
Malware in sbrugna...
CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3...
CVE-2020-1567: MSHTML Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the...
CVE-2019-15081
OpenCart 3.x is affected. The vulnerability is a stored XSS in the admin panel’s Source/HTML editing for Categories, Product, and Information pages, exploitable when an attacker has login access. Root cause: unsanitized input in the admin editing feature allows arbitrary JavaScript execution on t...
CmsEasy latest V5.5-UTF8 official release: brute-force login and injection
Brief description: The latest version available from the official site is 20140605; injection plus backend getshell. Details: The latest cmseasy backend has no CAPTCHA, so the administrator account can be brute-forced: 1. Because the cmseasy backend has no CAPTCHA, the administrator password can be brute-forced and used to log in to the backend; 2. When editing HTML template files in the backend, PHP code inside the HTML turns out to be executable, and PHP's file-write functions can be used to write a shell. Proof of vulnerability: 0x01: brute-forcing the backend login 1. Click login in the backend and capture the request: 2. Brute-force it with Burp; the administrator password is revealed by the response: 3. Successfully logged in to the backend: 0x02: getshell via backend template editing In the backend template editor we first look at left.html; clicking edit shows a pile of code. Adding file-writing code there is enough to getshell...
Default Applications
Under the Programs tab, you can specify your default applications for viewing web sites, email messages, HTML editing and various other network related tasks. You can also disable Internet Explorer from asking you if you would like it to be your default web browser here. See more information on...
CVE-2002-1056
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or...