21 matches found

Positive Technologies
added 2025/11/26 12:0 a.m. · 3 views

PT-2025-48127

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QIODevice::WriteOnly...

CVSS 3.2 · AI score 6.8 · EPSS 0.00012
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-24880

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.00257
Exploits 1 · References 2

RedhatCVE
added 2025/05/22 10:5 p.m. · 4 views

CVE-2022-1590

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input leads to cross site scripting. The attack can be initiated remotely but...

CVSS 5.4 · AI score 6.1 · EPSS 0.00257
Exploits 1 · References 1

CNNVD
added 2023/06/16 12:0 a.m. · 1 views

Bludit Code Issue Vulnerability

Bludit is an open source lightweight blog content management system CMS. A code issue vulnerability exists in Bludit v3.14.1, which stems from an arbitrary file upload vulnerability in the component /admin/new-content that allows an attacker to execute arbitrary web script or HTML by uploading a...

CVSS 5.4 · AI score 6.1 · EPSS 0.00613
Exploits 2 · References 4

Positive Technologies
added 2023/06/16 12:0 a.m. · 3 views

PT-2023-25030 · Bludit · Bludit

Name of the Vulnerable Software and Affected Versions: Bludit version 3.14.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file in the /admin/new-content component. This is possible due to an arbitrary file upload vulnerability. It's...

CVSS 5.4 · AI score 7.1 · EPSS 0.00613
Exploits 2 · References 10

OSV
added 2022/05/05 10:15 a.m. · 14 views

CVE-2022-1590

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 5.4 · AI score 6.1
Exploits 0 · References 2

NVD
added 2022/05/05 10:15 a.m. · 10 views

CVE-2022-1590

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 5.4 · EPSS 0.00257
Exploits 1 · References 2

Prion
added 2022/05/05 10:15 a.m. · 15 views

Cross site scripting

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 3.5 · AI score 5.2 · EPSS 0.00257
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/05/05 9:20 a.m. · 14 views

CVE-2022-1590 Bludit New Content Module new-content cross site scripting

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 3.5 · AI score 5.4 · EPSS 0.00257
Exploits 1 · References 2

CVE
added 2022/05/05 9:20 a.m. · 45 views

CVE-2022-1590

Bludit 3.13.1 is affected by a Cross-Site Scripting vulnerability in the New Content module, exposed via the /admin/new-content endpoint. The issue stems from unsafely handling user-supplied content (example payload: ), enabling client-side script execution. The attack is remotely initiable but r...

CVSS 5.4 · AI score 4.3 · EPSS 0.00257
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2022/05/05 9:20 a.m. · 8 views

CVE-2022-1590 Bludit New Content Module new-content cross site scripting

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input alert1 leads to cross site scripting. The attack can be initiated remotely...

CVSS 3.5 · AI score 5.4 · EPSS 0.00257
Exploits 1 · References 2

CNNVD
added 2022/05/05 12:0 a.m. · 3 views

Bludit Cross-Site Scripting Vulnerability

Bludit CMS is an open source lightweight blog content management system CMS. v3.13.1 of Bludit CMS contains a cross-site scripting vulnerability that originates from the lack of filtering and validation of user input data on the /admin/new-content page. An attacker could use this vulnerability to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00257
Exploits 1 · References 4

Prion
added 2021/07/22 6:15 p.m. · 8 views

Cross site scripting

Cross-site scripting XSS vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to contentmanagementsystem\admin\newcontent.php...

CVSS 4.3 · AI score 6 · EPSS 0.00222
Exploits 1 · References 1 · Affected Software 1

OSV
added 2021/06/01 2:15 p.m. · 1 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 3

Prion
added 2021/06/01 2:15 p.m. · 13 views

Design/Logic Flaw

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130...

CVSS 5 · AI score 7.1 · EPSS 0.00482
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2021/05/31 3:10 p.m. · 14 views

CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130...

CVSS 4.6 · AI score 7.2 · EPSS 0.00482
Exploits 0 · References 3

Qualys Blog
added 2020/04/22 2:29 p.m. · 35 views

Policy Compliance Library Updates, April 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.1
Exploits 0

NVD
added 2018/09/15 9:29 p.m. · 11 views

CVE-2018-17069

An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay...

CVSS 6.5 · AI score 6.5 · EPSS 0.00098
Exploits 1 · References 1

Prion
added 2018/09/15 9:29 p.m. · 9 views

Cross site request forgery (csrf)

An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay...

CVSS 4.3 · AI score 6.5 · EPSS 0.00098
Exploits 1 · References 1 · Affected Software 1

Qualys Blog
added 2018/09/10 9:8 p.m. · 51 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.2
Exploits 0