56 matches found
CVE-2025-7713
CVE-2025-7713 describes an XSS vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS), caused by improper neutralization of input during web page generation and exploitable via HTTP headers. The affected scope is stated as CMS through 21072025. Details on a...
EUVD-2021-1467
Malware in sbrugna...
EUVD-2024-2962
Malicious code in bioql PyPI...
CVE-2021-32737
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection cross-site-scripting in the collection title. The problem is patched in version 1.6.41. As a workaround, on...
CVE-2025-47778
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...
CVE-2024-47618 Sulu vulnerable to XSS via uploaded SVG
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed on the victims’ other users including...
FrogCms Cross-Site Request Forgery Vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCms version v0.9.5, which stems from the fact that /admin/?/snippet/delete/3 does not adequately verify that the request is from a trusted user. The vulnerability can be exploited by an attacker to...
WonderCMS MENU Parameter Cross-Site Scripting Vulnerability
WonderCMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the MENU parameter of the Settings section, and can be exploited by an...
WonderCMS PAGE DESCRIPTION parameter cross-site scripting vulnerability
WonderCMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the PAGE DESCRIPTION parameter of the Settings section, and can be exploited...
WonderCMS ADMIN LOGIN URL Parameter Cross-Site Scripting Vulnerability
WonderCMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the ADMIN LOGIN URL parameter of the Settings section, which can be exploite...
WonderCMS Security Vulnerability
WonderCMS is an open source PHP-based content management system (CMS). A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting (XSS) vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...
CVE-2024-27915 Sulu grants access to pages regardless of role permissions
Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
DeDeCMS File Upload Vulnerability (CNVD-2024-02995)
DeDeCMS is a PHP-based open source content management system (CMS). The system features content publishing, content management, content editing and content retrieval. A file upload vulnerability exists in DeDeCMS version 5.7.112 and earlier versions, which stems from the application's lack of...
CLTPHP Input Validation Error Vulnerability
CLTPHP is an open source and efficient site-building PHP content management system. An input validation error vulnerability exists in CLTPHP version 6.0 and earlier versions, which stems from incorrect input validation in application/admin/controller/Template.php. An attacker can exploit this...
New Python-Based "Legion" Hacking Tool Emerges on Telegram
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct...
Elefant CMS Code Issues Vulnerabilities
Elefant CMS is a simple PHP content management system and web framework by Canadian John de Plume, an individual developer. A security vulnerability exists in Elefant CMS version 1.3.12-RC, which stems from unknown functionality in file/filemanager/upload/drop for component file uploads. A remote...
CVE-2021-43835 Privilege escalation in the Sulu Admin panel
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
Cross site scripting
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection cross-site-scripting in the collection title. The problem is patched in version 1.6.41. As a workaround, on...
FDCMS File Inclusion Vulnerability
FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...