80 matches found
GHSA-FMG2-F5R9-24QC Grav: Stored XSS via page title (data[header][title]) in admin panel
Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][title] parameter. Details: Vulnerable Endpoint: GET /admin/pages/page Parameter:...
EUVD-2020-30847
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
CVE-2020-36955
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
WordPress Betheme plugin cross-site scripting vulnerability
WordPress Betheme plugin is a WordPress multipurpose theme that is mainly used to quickly build different types of websites such as corporate, blog, e-commerce and so on. WordPress Betheme plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and outp...
CVE-2025-9371
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
CVE-2025-9371 Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
PT-2025-41373
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions prior to 28.1.7 Description: The theme is susceptible to Stored Cross-Site Scripting through the page title parameter. Insufficient input sanitization and output escaping in theme breadcrumbs allow...
WordPress Betheme plugin <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability discovered by Zbigniew Piotrak in WordPress Theme Betheme versions <= 28.1.6...
EUVD-2018-8431
Malware in sbrugna...
EUVD-2018-8440
Malware in sbrugna...
EUVD-2020-18508
Malware in sbrugna...
EUVD-2020-7275
Malware in sbrugna...
EUVD-2023-49092
Malicious code in bioql PyPI...
CVE-2025-56216
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter...
CVE-2021-25977
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...
Zoo Management System aboutus.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter pagetitle of the aboutus.php file. An attacker can exploit this vulnerability to execu...
CVE-2024-32338
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...
PT-2024-24516 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Pag...
CVE-2024-2787
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Information Disclosure
Liferay Portal is vulnerable to Information Disclosure. The vulnerability is due to an enumeration of user screen names, allowing remote authenticated users to obtain a user's full name from the page's title. This potentially leads to Information Disclosure...