19 matches found
Bucket Cross-Site Scripting Vulnerability
Bucket is a structured data storage extension for MediaWiki developed by Weird Gloop. Versions of Bucket prior to 2.1.1 contained a cross-site scripting vulnerability. The vulnerability stemmed from stored cross-site scripting in fields of the PAGE type, which could allow malicious scripts to ...
CVE-2026-30917 Stored XSS on Bucket namespace pages
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019
CVE-2026-2019 concerns the Cart All In One For WooCommerce WordPress plugin (versions
CVE-2022-0710
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter...
GHSA-QQFQ-7CPP-HCQJ Contao does not properly manage privileges for page and article fields
Impact: Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. Patches: Update to Contao 5.3.38 or 5.6.1. Workarounds: None. For more information: If you have any questions or comments about this advisory, open an issue in...
CVE-2025-30735
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2024-57537
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field page is copied to the stack without length verification...
PT-2025-3465 · Linksys · Linksys E8450
Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: A buffer overflow issue was discovered, where the page field is copied to the stack without length verification. This could allow a remote attacker to execute arbitrary code or cause a denial o...
WordPress Plugin PHP to Page Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05347)
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Home Page field, which can be exploited by an attacker to execute arbitrary Web...
CVE-2023-43877
Rite CMS 3.0 has multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is a website CMS. A security vulnerability exists in Rite CMS version 3.0 that stems from a cross-site scripting (XSS) vulnerability in the Home Page field...
CSZ CMS Cross-Site Scripting Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by entering a crafted payload in the "New Page" field under the "Page Content" module...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in the “All Content”...
Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2018-16498)
Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the admin/edit.php file in...
CVE-2018-15843
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field...
Plone JavaScript Code Execution Vulnerability
Plone is a free and open source content management system (CMS) from the U.S. Plone Foundation, built on the Zope application server. The system is developed in Python and is suitable for web portals, internal and external corporate websites, document publishing systems, and so on. A code...