10 matches found
Koha 安全漏洞
Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from a cross-site scripting vulnerability in the News feature. This vulnerability could allow remote attackers to execute arbitrary...
EUVD-2018-2494
Malware in sbrugna...
Schoolbox Cross-Site Scripting Vulnerability
Schoolbox is an online learning platform from Schoolbox Australia. A cross-site scripting vulnerability exists in Schoolbox versions prior to 23.1.3, which stems from a cross-site scripting vulnerability in the News feature that allows an authenticated attacker to perform a secure operation in an...
Cross-site Scripting (XSS)
sheng/yiicms is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to the lack of a validation in the news features form elements, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
CVE-2022-39020
Multiple instances of XSS stored and reflected was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting...
CVE-2020-23241
Cross Site Scripting XSS vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News Article" feature...
CVE-2018-10422
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field...
CVE-2018-10422
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field...
HongCMS Cross-Site Scripting Vulnerability
HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in the Add News feature in HongCMS version 3.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a content field...
Cross site scripting
XSS exists in the CMS Made Simple CMSMS 2.1.6 "Content--News--Add Article" feature via the m1title parameter. Someone must login to conduct the attack...