27 matches found
EUVD-2025-25813
Malicious code in bioql PyPI...
CVE-2025-52184
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion...
CVE-2025-52184
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion...
CVE-2025-52184
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion...
CVE-2025-52184
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion...
CVE-2025-52184
CVE-2025-52184 affects Helpy.io version 2.8.0 and involves a Cross Site Scripting flaw in the New Topic Ticket feature that can allow an attacker to escalate privileges. The CVSS data indicates a Network attack vector, low attack complexity, no privileges required, but user interaction is require...
CVE-2025-52184
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion...
CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
CVE-2025-2043
A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /adminthemes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely...
CVE-2025-2043
A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /adminthemes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely...
CVE-2025-2043
LinZhaoguan pb-cms 1.0.0 contains a deserialization flaw in the Add New Topic Handler when processing Topic Key in /admin#themes. This remote-native exploit may be used to trigger deserialization and is described as critical in CVE-2025-2043. Multiple sources corroborate the issue and its public ...
CVE-2025-2043 LinZhaoguan pb-cms Add New Topic admin#themes deserialization
A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /adminthemes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely...
GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability
Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site Relea...
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Date: 30/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content ...
CVE-2022-38902
A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...
CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
Design/Logic Flaw
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
CVE-2020-9007
CVE-2020-9007 affects Codoforum 4.8.8. The issue is a self-XSS vulnerability in the title of a new topic, stemming from insufficient validation of client-side data by the web application (CNVD/CVEs describe it as a cross-site scripting flaw). Practical impact is client-side code execution within ...