CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

CVE-2026-22315

CVE-2026-22315 : An Incorrect Privilege Assignment vulnerability affects the Mesalvo Meona ecosystem, specifically the Meona Client Launcher Component (through 19.06.2020 15:11:49) and the Meona Server Component (through 2025.04 5+323020). The issue enables export of user data, including cleartex...

@antv/ava (=3.6.0-alpha.0), @antv/g (>=6.0.0 <=6.2.1) +6 more potentially affected by unknown CVE via @antv/g-camera-api (>=2.0.0 <=2.0.9)

@antv/g-camera-api NPM version =2.0.0, =6.0.0, =0.5.9, =2.0.0, =1.2.5, =1.2.6 - expression-language-editor =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3910...

CVE-2021-47788

WebsiteBaker 2.13.0 is affected by an authenticated remote code execution (RCE) vulnerability. The issue arises when users with language editing rights manipulate parameters in the language installation endpoint, allowing remote code execution on the server. No fix version is provided in the conn...

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVE-2025-10018 Multiple Stored XSS in QuickCMS

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVE-2025-10018

Summary (CVE-2025-10018) : QuickCMS is reported vulnerable to multiple Stored XSS in the language editor. Affected: version 6.8 (only this version was tested; other versions were not tested and may also be affected). Impact: an attacker with admin privileges can inject arbitrary HTML/JS, leading ...

EUVD-2025-197611

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

PT-2025-46952

Name of the Vulnerable Software and Affected Versions QuickCMS version 6.8 QuickCMS affected versions not specified Description QuickCMS is susceptible to multiple Stored Cross-Site Scripting XSS issues within the language editor functionality, specifically in the 'languages' section. An attacker...

QuickCMS 跨站脚本漏洞

QuickCMS is an open source content management system from QuickCMS. A cross-site scripting vulnerability exists in QuickCMS version 6.8, which stems from a stored cross-site script in the Language Editor feature that could lead to arbitrary HTML and JS injection...

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

ISPConfig Security Vulnerability

ISPConfig is a set of Linux-based open source hosting control panel, which allows you to manage multiple servers, open web sites, monitor server operation status, etc. via a web control panel. A security vulnerability exists in ISPConfig versions prior to 3.2.11p1, which stems from the fact that ...

MyBB 1.6.11 - Remote Code Execution

MyBB 1.6.11 - Remote Code Execution input'info' as $key = $info $info = strreplace"\", "\\", $info; $info = strreplace'$', '$', $info; $newlanginfo$key = strreplace""", '"', $info; and Line 69: $langinfo'admin' = $newlanginfo'admin'; You can see that some chars are being replaced , however...