144 matches found
CVE-2026-34246
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...
CVE-2026-34246
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...
CVE-2026-34246 CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...
CVE-2026-34246 CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...
CtrlPanel-gg 安全漏洞
CtrlPanel-gg is an open-source, easy-to-use, and free billing solution developed by CtrlPanel-gg. Versions of CtrlPanel-gg 1.1.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the datatable method in the administrator role management interface, which directly insert...
Admidio Missing Minimum Administrator Check in Role Membership Removal
Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...
Improper Control of Interaction Frequency
Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
EUVD-2026-19342
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
GHSA-HQJC-WFVX-X2FV Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
Cross-site Scripting (XSS)
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Role Name parameter in the Role Management module. An attacker can execute arbitrary web scripts or HTML in the context of a user's browser by injecting a craft...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
PT-2026-30653
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
CVE-2026-31352
Feehi CMS v2.1.1 contains an authenticated stored XSS in the Role Management module, exploitable by injecting a crafted payload into the Role Name field. The affected component is Role Management; the root cause is improper handling/escaping of input in Role Name. No exploit specifics or remedial...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Role Name parameter in the role management module, which...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Group / Role Management Fields Administrative Context Execution - Stored Cross-Site Scripting via Unsanitized Group / Role Management Inputs Description The application fails to properly sanitize user-controlled input within group and role management...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in group and role management fields. An attacker can execute arbitrary JavaScript in the context of an administrator's brows...