Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

PT-2025-52302

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Administration users can inject malicious scripts through email marketing templates. Exploitation allows attackers t...

CVE-2025-67163

CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVE-2023-53933

CVE-2023-53933 affects Serendipity 2.4.0. An authenticated attacker can upload PHP files with a .phar extension via the media upload endpoint, enabling remote code execution on the server. The vulnerability arises from accepting or processing uploaded files in a way that allows execution of syste...

CVE-2023-53924

Summary of CVE-2023-53924 (UliCMS 2023.1-sniffing-vicuna): authenticated users can upload PHP files with a .phar extension via profile avatar uploads, enabling remote code execution when the uploaded file is accessed. Affects UliCMS 2023.1-sniffing-vicuna; impact includes potential full system co...

CVE-2023-53922 TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

CVE-2023-53915 Zenphoto 1.6 Stored Cross-Site Scripting via Album Description

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...

PT-2025-51970

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

PT-2025-51969

Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...

CVE-2023-53869

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server...

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

📄 WordPress Omnipress 1.6.3 Cross Site Scripting

WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...

CVE-2023-53884

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability exploitable by authenticated users via the page modification interface. Malicious JavaScript payloads inserted into page content can execute when other users view the affected page. Root cause and impact are as described in con...

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...