
20 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-39392

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog...

CVSS 5.5 | AI score 5.6 | EPSS 0.00014
Exploits: 1 | References: 1
EUVD
added 2026/05/08 12:0 a.m. | 5 views

EUVD-2025-209735

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

AI score 6 | EPSS 0.00045
Exploits: 4 | References: 5
Github Security Blog
added 2026/04/08 7:15 p.m. | 3 views

CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary: The Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo->content. An authenticated...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/08 2:30 p.m. | 15 views

CVE-2026-39392 CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog...

CVSS 5.5 | EPSS 0.00014
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/08 2:30 p.m. | 4 views

CVE-2026-39392 CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during create and update operations, while the Blog...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-7271

Malware in sbrugna...

CVSS 4.8 | AI score 5.5 | EPSS 0.00229
Exploits: 4 | References: 4
OSV
added 2023/09/16 12:15 a.m. | 1 view

CVE-2023-41436

Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1
ATTACKERKB
added 2023/09/16 12:15 a.m. | 4 views

CVE-2023-41436

Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component...

CVSS 5.4 | AI score 6.5 | EPSS 0.00122
Exploits: 1 | References: 2
Prion
added 2023/09/16 12:15 a.m. | 17 views

Cross site scripting

Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component...

CVSS 4.9 | AI score 5.6 | EPSS 0.00122
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/15 12:0 a.m. | 11 views

CVE-2023-41436

Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component...

AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 1
CNNVD
added 2023/09/15 12:0 a.m. | 3 views

CSZCMS Cross-Site Scripting Vulnerability

CSZCMS is an open source web application that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version v.1.3.0, which originates from a cross-site scripting vulnerability in the Additional Meta Tag parameter of the Pages Content Menu component...

CVSS 5.4 | AI score 6.1 | EPSS 0.00122
Exploits: 1 | References: 3
Vulnrichment
added 2023/09/15 12:0 a.m. | 9 views

CVE-2023-41436

Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component...

AI score 6.9 | EPSS 0.00122
Exploits: 1 | References: 1
NVD
added 2021/07/09 10:15 p.m. | 11 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

CVSS 5.4 | EPSS 0.00191
Exploits: 1 | References: 1
OSV
added 2021/07/09 10:15 p.m. | 1 view

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

CVSS 5.4 | AI score 5.6 | EPSS 0.00191
Exploits: 1 | References: 1
Prion
added 2021/07/09 10:15 p.m. | 15 views

Cross site scripting

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

CVSS 3.5 | AI score 5.5 | EPSS 0.00191
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/07/09 9:56 p.m. | 12 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

AI score 5.5 | EPSS 0.00191
Exploits: 1 | References: 1
OSV
added 2017/12/13 9:29 a.m. | 1 view

CVE-2017-17570

FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php florig or fldest parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.02377
Exploits: 1 | References: 2
0day.today
added 2015/06/14 12:0 a.m. | 39 views

ZCMS 1.1 Cross Site Scripting / SQL Injection Vulnerabilities

ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor: =============================================...

AI score 7.9
Exploits: 0
Exploit DB
added 2015/06/12 12:0 a.m. | 47 views

ZCMS 1.1 - Multiple Vulnerabilities

Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link: sourceforge.net/projects/zencherrycms Version: 1.1 Tested on:...

CVSS 9.8 | AI score 6.2 | EPSS 0.04151
Exploits: 5
Packet Storm
added 2008/05/09 12:0 a.m. | 27 views

zyxel-xss.txt

Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...

AI score 7.4
Exploits: 0