3 matches found
EUVD-2026-31358
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search bar process when page descriptions are inserted into raw HTML without proper sanitization. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious conten...
Tiki 安全漏洞
Tiki is a suite of open source content management and portal applications from the Tiki community that can be used to create web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 27.0 and earlier, which originates from a user with...