5 matches found

Cvelist
added 2026/06/02 6:0 p.m., 33 views

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVSS 7.5, EPSS 0.00308
Exploits 0, References 4
OSV
added 2023/01/20 7:15 p.m., 7 views

CVE-2022-45540

A reflected XSS was discovered in EyouCMS = 1.6.0, in the article type editor component, in the POST value "name" if the value contains a malformed UTF-8 char...

CVSS 6.1, AI score 5.8, EPSS 0.00418
Exploits 1, References 1
wpexploit
added 2022/12/05 12:0 a.m., 124 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Click the 'Settings' button of this plugin. 2...

CVSS 4.8, AI score 4.7, EPSS 0.00532
Exploits 2
OSV
added 2017/12/04 8:29 a.m., 3 views

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...

CVSS 8.8, AI score 5.8, EPSS 0.01181
Exploits 1, References 1
securityvulns
added 2010/10/24 12:0 a.m., 71 views

Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities

Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple Cross-Site Scripting Vulnerability. SecPod Technologies www.secpod.com Author Veerendra G.G SecPod ID: 1005 09/07/2010 Issue Discovered 09/10/2010 Vendor Notified 09/13/2010 Vendor Confirmed 09/14/2010 Fix Available Class: Cross-Si...

Exploits 0