13 matches found
EUVD-2022-5809
Malicious code in bioql PyPI...
CVE-2025-41044
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-static-pages/create/ path. An attacker can retrieve, create, update, or delete database records by injecting crafted input. Remediation There is no fixed version f...
PT-2025-35905
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection flaw exists in appRain CMF version 4.0.5. This flaw allows an attacker to retrieve, create, update, and delete the database through the data%5BPage%5D%5Bname%5D parameter in the...
PT-2025-35904
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection vulnerability exists that allows an attacker to retrieve, create, update, and delete the database. This is possible through the data%5BPage%5D%5Bname%5D parameter in the...
PT-2025-35915
Name of the Vulnerable Software and Affected Versions appRain CMF version 4.0.5 Description A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user input. The vulnerability is located in the dataPagename parameter within the...
PiHome 代码注入漏洞
PiHome is a home automation system from the individual developer of PiHomeHVAC. A code injection vulnerability exists in PiHome version 2.0, which stems from the fact that incorrect manipulation of the parameter pagename can lead to cross-site scripting...
Cross-site Scripting (XSS)
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Exploiting this vulnerability is possible via the PageName aka nodename parameter during the creation of a new page. Details Cross-site...
Umbraco CMS vulnerable to stored XSS
Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00995)
DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/page.php?rec=edit in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with...
CVE-2018-20557
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the pagename parameter...
CVE-2017-15279
Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
Umbraco CMS Cross-Site Scripting Vulnerability (CNVD-2017-30256)
Umbraco is the leading open source Microsoft ASP.NET CMS. A cross-site scripting vulnerability exists in Umbraco CMS, which allows remote attackers to inject arbitrary web script or HTML via the "page name" parameter during the creation of a new page...