17 matches found
EUVD-2018-8572
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Navigation/Title Text/Description Source argument due to improper sanitization. Details Cross-site scripting or XSS is a code...
GHSA-74GC-HF33-5353 Fork CMS Cross-site Scripting Vulnerability
Fork before 5.8.3 allows XSS via navigationtitle or title...
GHSA-VP4X-94FF-2CMV Cross-site scripting in forkcms
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
Cross site scripting
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
Design/Logic Flaw
Fork before 5.8.3 allows XSS via navigationtitle or title...
CVE-2020-13633
Fork before 5.8.3 allows XSS via navigationtitle or title...
CVE-2018-16772
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new...
CVE-2018-16772
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new...
Hoosk Cross-Site Scripting Vulnerability
Hoosk is a lightweight user-centered content management system CMS. The system has built-in Codelgniter for creating responsive websites. A cross-site scripting vulnerability exists in Hoosk 1.7.0, which can be exploited by an attacker via the navigation title of a new page entered at...
Cross site scripting
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...
Cross site scripting
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...