CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

CVE-2025-57805

CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...

CVE-2024-39174

A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...

CVE-2024-39174

A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...

PT-2024-28378 · Yzmcms · Yzmcms

Name of the Vulnerable Software and Affected Versions: yzmcms version 7.1 Description: A cross-site scripting XSS vulnerability in the Publish Article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. Recommendations: For...

Yzmcms Security Vulnerabilities

Yzmcms is an open source CMS Content Management System by the individual developer of Yzmcms. A security vulnerability exists in Yzmcms version 7.1, which stems from a cross-site scripting vulnerability in the Publish Article feature, which allows an attacker to execute arbitrary Web script or HT...

CVE-2024-39174

CVE-2024-39174 affects yzmcms v7.1, where the Publish Article function is vulnerable to cross-site scripting (XSS) via a crafted payload injected into a published article. The issue is described consistently across sources (RH, NVD, OSV, CNNVD, CVE listings) as a reflected/stored-style XSS vulner...

CVE-2023-43267

A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...

CVE-2023-43267

A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...

PT-2023-28749 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: emlog pro version 2.1.14 Description: A cross-site scripting XSS issue in the publish article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. Recommendations: For emlog p...

CVE-2020-25343

Cross-site scripting XSS vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields'body' param via events\event.publisharticle.php...