CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...

PT-2024-22868 · Mozilocms · Mozilocms

Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...

CVE-2024-2245

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

Cross site scripting

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

Cross site scripting

A stored cross site scripting XSS vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter...

CVE-2020-25394

The connected records confirm CVE-2020-25394 affects moziloCMS 2.0 with a stored XSS via the Content parameter. Authenticated users can inject web scripts/HTML, enabling arbitrary script execution in the context of the affected web app. The vulnerability is described consistently across CVE/NVD a...