Lucene search
K

563 matches found

Cvelist
Cvelist
added 2026/04/09 12:0 a.m.23 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.10 views

PT-2026-31638

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

6AI score0.00133EPSS
Exploits0References3
Veracode
Veracode
added 2026/04/04 5:24 a.m.10 views

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

9.4CVSS5.9AI score0.00297EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.7 views

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

8.4CVSS5.8AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.3 views

CVE-2026-34564

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Manageme...

9.1CVSS5.7AI score0.00307EPSS
Exploits1References1
NVD
NVD
added 2026/04/01 10:16 p.m.10 views

CVE-2026-34566

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

9.1CVSS0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 10:6 p.m.1 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Categories section of blog management. An attacker can execute arbitrary JavaScript in the context of other users by...

9.1CVSS6AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 10:5 p.m.5 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus via the Posts section and rendered without proper output...

9.1CVSS6AI score0.00269EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/01 10:4 p.m.6 views

EUVD-2026-18076

CI4MS: Menu Management Pages Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

9.1CVSS5.8AI score0.00307EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 10:4 p.m.13 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus and rendered without proper sanitization or output encoding...

9.1CVSS6AI score0.00307EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:27 p.m.3 views

CVE-2026-34566

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

9.1CVSS5.7AI score0.00269EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:23 p.m.1 views

CVE-2026-34562

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

4.7CVSS5.8AI score0.00274EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:23 p.m.1 views

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

4.7CVSS5.8AI score0.00229EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.8 views

PT-2026-29627

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields, including Company Name, Slogan, Company Phone, Compa...

4.7CVSS5.9AI score0.00274EPSS
Exploits1References6
Redos
Redos
added 2026/04/01 12:0 a.m.9 views

ROS-20260401-73-0001

A vulnerability in the HTML Style Checker module of RoundCube Webmail is related to incorrect encoding or escaping of output data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS5.9AI score0.00244EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29626

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS, a CodeIgniter 4-based CMS, is susceptible to a stored Cross-site Scripting XSS issue within the System Settings – Social Media Management section. The application does not properly sanitize...

4.7CVSS6AI score0.00229EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/31 11:22 p.m.6 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the jsonToFormElements process in admin/functions.php when user-controlled plugin configuration values are rendered in HTML forms witho...

6.1CVSS5.8AI score0.00217EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/31 8:40 p.m.9 views

EUVD-2026-17634

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

6.1CVSS6AI score0.00217EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29355

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The AVideo admin panel does not properly encode plugin configuration values when rendering them in HTML forms. The jsonToFormElements function in admin/functions.php directly interpolates...

6.1CVSS5.9AI score0.00217EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.12 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of output encoding when the administrator panel’s rendering plugin values were being...

6.1CVSS5.6AI score0.00217EPSS
Exploits1References2
Rows per page
Query Builder