EUVD-2018-8605

Malware in sbrugna...

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

CVE-2025-59416 The Scratch Channel forks can publish articles

The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...

CVE-2025-57805

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

b3log Solo Cross-Site Scripting Vulnerability

b3log Solo is an open source blogging system. A cross-site scripting vulnerability exists in the input page under the Publish Articles menu in b3log Solo version 2.9.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit thi...

CVE-2018-16248

b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...

CVE-2018-16248

CVE-2018-16248 affects b3log Solo 2.9.3. An XSS flaw exists in the Input page under the “Publish Articles” menu, where the articleTags field stored in the tag JSON enables an admin-authenticated HTTP request to inject arbitrary scripts via a crafted site name. The vulnerability is caused by insuf...

CVE-2018-16248

b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...

CVE-2018-16805

In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...

baigo CMS Cross-Site Request Forgery Vulnerability

baigo CMS is an open source PHP-based content management system CMS. A cross-site request forgery vulnerability exists in the index.php?m=article&c=request page in baigo CMS version 2.1.1, which can be exploited by remote attackers to publish arbitrary articles...

Symphony cross-site scripting vulnerability (CNVD-2017-07340)

Symphony is a content management system CMS developed using PHP and MySQL. The system supports search engine optimization, module extensions and more. A cross-site scripting vulnerability exists in the publish/articles/new/ URI in Symphony version 2.6.11. A remote attacker can exploit this...

Symphony Cross-Site Scripting Vulnerability

Symphony is a content management system CMS developed using PHP and MySQL. The system supports search engine optimization, module extensions and more. A cross-site scripting vulnerability exists in the publish/articles/new/ URI in Symphony version 2.6.11. A remote attacker can exploit this...

AvailScript Article Script - 'articles.php' Multiple Vulnerabilities

/\ \ /\ \ \ /\ /\ \ //\ \ \ \ \ \ \ \ \ \ \ /',\ \ \ \ \ \ \ \ /\ /'\ /'\ \ \ \ /\ ,\ /, \ \ \ \ ,\ \ \ \ // / // /\//\///\/\ \ \/\ // // // //////// //// security breakd0wn! Title: Availscript Article Script articles.php Multiple Vulnerabilities Vendor:...