CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

CVE-2026-2543

CVE-2026-2543 concerns vulnerable software: vichan-devel/vichan up to 5.1.5. The issue lies in the Password Change Handler (inc/mod/pages.php): manipulation of the Password argument enables an unverified password change. The attack can be performed remotely. The vendor was contacted early about t...

CVE-2026-2543 vichan-devel vichan Password Change pages.php unverified password change

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

CVE-2026-0567 code-projects Content Management System pages.php sql injection

A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

CU Solutions Group Content Management System Security Vulnerability

CU Solutions Group Content Management System CUSG CMS is a content management system from CU Solutions Group, Inc. A security vulnerability exists in CU Solutions Group Content Management System versions prior to v.7.75. A remote attacker can exploit this vulnerability to execute arbitrary code,...

CVE-2016-10998

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS...