14 matches found
CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...
e107 Cross-Site Scripting Vulnerability
e107 is a free, open source Content Management System (CMS) based on PHP and MySQL, from the E107 team. The system supports a variety of plug-ins and themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability...
EUVD-2010-1249
Malware in sbrugna...
EUVD-2022-31872
Malicious code in bioql PyPI...
CVE-2023-5782
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/deletequery.php of the component General News. The manipulation of the argument NEWSID leads to SQL injection. The exploit has been disclosed to the publ...
CVE-2025-44073
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admincommentnews.php...
CVE-2025-0841 Aridius XYZ News loadMore deserialization
A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the publi...
PT-2025-4067 · Opencart +1 · Opencart +1
Name of the Vulnerable Software and Affected Versions: Aridius XYZ up to 20240927 on OpenCart Description: The issue affects the loadMore function of the News component, leading to deserialization. It can be initiated remotely. Recommendations: Aridius XYZ up to 20240927 on OpenCart: Upgrade the...
OpenCart Aridius Code Issue Vulnerability
OpenCart Aridius is an OpenCart extension from OpenCart, Inc. A code issue vulnerability exists in OpenCart Aridius XYZ 20240927 and earlier versions, which stems from a deserialization issue in the loadMore function of the News component...
PT-2023-32321 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 up to 11.10 Description: A critical vulnerability was found in the General News component of Tongda OA. The issue affects an unknown function of the file /manage/delete query.php. The manipulation of the NEWS ID argument leads ...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) by the Cmsms team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...
CVE-2022-27369
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component newsNews.phphy...
CScms SQL Injection Vulnerability
CScms is a Content Management System (CMS) developed based on the CI framework. Cscms Music Portal System v4.2 is vulnerable to SQL injection, which can be exploited by attackers via the component newsNews.phphy...
CVE-2010-1219
Directory traversal vulnerability in the JA News (comjanews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information...