CVE-2026-39841 Stored XSS through list fields on Cargo's page values and Special:CargoTables
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Wikimedia Foundation MediaWiki - Cargo Extension allows Stored XSS. This issue affects MediaWiki - Cargo Extension: before 3.8.7...
CVE-2026-30917
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
CVE-2026-30917 Stored XSS on Bucket namespace pages
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
EUVD-2026-10426
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
CVE-2026-30917
Bucket is a MediaWiki extension for structured data. Before version 2.1.1, there is a stored XSS in any Bucket table field with a PAGE type that executes when users view the corresponding Bucket namespace page. The issue is fixed in 2.1.1. Affected software: MediaWiki Bucket extension; vulnerable...
PT-2026-24147
Name of the Vulnerable Software and Affected Versions: Bucket versions prior to 2.1.1. Description: Bucket is a MediaWiki extension used to store and retrieve structured data on articles. A stored cross-site scripting (XSS) issue exists that allows malicious code to be inserted into any Bucket table...
CVE-2025-12937
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
CVE-2025-57759 Contao has improper privilege management for page and article fields
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
Contao security vulnerability
Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the possibility of...
CVE-2025-4250
A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql...
Winter security vulnerability
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A security vulnerability exists in Winter v.1.2.3 that originated from a vulnerability that allows remote attackers to execute arbitrary code via CMS page fields and plugin components using a crafted paylo...
CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete,...
Cross-site Scripting in invenio-communities
Cross-Site Scripting (XSS) vulnerability in Jinja templates. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and...
DomainMOD cross-site scripting vulnerability (CNVD-2019-07967)
DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by an attacker via the assets/add/dns.php Profile Name or notes...
CVE-2018-7261
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields)...
Radiant CMS 1.1.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. 1. Introduction. Vendor: Radiant. Affected Product: Radiant CMS 1.1.4. Fixed in: NA. Vendor Website: http://radiantcms.org/. Vulnerability Type: Persistent XSS. Remote Exploitable: Yes. CVE External Identifier: CVE-2018-7261. 2. Overview...