CSZ CMS File Upload Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). A file upload vulnerability exists in version 1.2.4 of CSZ CMS, which originates from the /core/MYSecurity.php component of the product not validating the uploaded file. An attacker can use this vulnerability to upload arbitra...
Spotweb Cross-Site Scripting Vulnerability
Spotweb is a PHP-based Spotnet client, from the Spotweb team, that follows the Spotnet protocol. A cross-site scripting vulnerability exists in Spotweb 1.5.1 and below, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the newpassword2 parameter...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83613)
Spotweb is a PHP-based Spotnet client, from the Spotweb team, that follows the Spotnet protocol. Spotweb versions 1.5.1 and earlier have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83612)
Spotweb is a PHP-based Spotnet client, from the Spotweb team, that follows the Spotnet protocol. Spotweb versions 1.5.1 and earlier have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...
Monstra CMS Code Issue Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) from the Ukrainian individual developer Sergey Romanenko. A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...
Maccms Cross-site Request Forgery Vulnerability (CNVD-2022-13188)
Maccms is a PHP-based film and television content management system (CMS). Maccms version 10 has a security vulnerability that can be exploited by an authenticated attacker to delete all users via "admin.php/admin/admin/del/ids/<id>.html"...
CVE-2021-32669
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for backend layouts are not properly encoded, the corresponding grid view is vulnerable to...
CVE-2021-32669
CVE-2021-32669 affects TYPO3 CMS: multiple versions (9.0.0–9.5.28, 10.0.0–10.4.17, 11.0.0–11.3.0) are vulnerable to persistent cross-site scripting in the grid view when backend layout settings aren't properly encoded. A valid backend user is required to exploit it. TYPO3 fixed this in versions ...
Subrion CMS SQL Injection Vulnerability (CNVD-2021-53920)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins. A SQL injection vulnerability exists in Subrion CMS v4.2.1, which stems from the website's use of PDO connections. No detailed...
CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50172)
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by entering a crafted payload in the "New Page" field under the "Page Content" module...
CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted payload entered in the "New Article" field under the "Article" plugin...
BlackCat CMS Cross-Site Scripting Vulnerability
BlackCat CMS is a PHP-based content management system from the BlackCat team. A cross-site scripting vulnerability exists in BlackCat CMS version 1.3.6, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Add Page" parameter...
Sulu Cross-Site Scripting Vulnerability
Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu of Austria. A cross-site scripting vulnerability exists in Sulu, which stems from the collection title not securely validating user input, allowing an attacker to enter a malicious...
Jinan Ai Cheng Network Technology Co., Ltd. iWebShop Open Source Mall System Command Execution Vulnerability
The iWebShop open source mall system is a free, open source B2B2C single-user and multi-user mall system developed in PHP with a MySQL database. The iWebShop open source mall system from Jinan Ai Cheng Network Technology Co., Ltd. has a command execution vulnerability; attackers can...
FDCMS SQL Injection Vulnerability
FDCMS is a PHP-based content management system from Sichuan Method Digital Technology Co. A SQL injection vulnerability exists in FDCMS version 4.0. An attacker can use this vulnerability to inject malicious SQL via Admin/Lib/Action/FloginAction.class.php to obtain database records...
Pluck CMS File Upload Vulnerability (CNVD-2021-40249)
Pluck CMS is a PHP-based content management system. Pluck CMS suffers from a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...
Drupal Security Vulnerabilities
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows field access bypass...
Rockoa Xinhu Information Disclosure Vulnerability
Rockoa Xinhu is a PHP-based office OA system from China Xinhu Rockoa. Rockoa Xinhu version 2.1.9 has an information disclosure vulnerability that stems from the ajaxbool value being manipulated to true; an attacker can obtain sensitive information by exploiting the vulnerability...
Phpjabbers Appointment Scheduler Cross-Site Scripting Vulnerability
PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and scheduling meetings, from PHPJabbers of Serbia. PHPJabbers Appointment Scheduler 2.3 has a cross-site scripting vulnerability that originates in the index.php administrative login page with...
CVE-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...