MAL-2026-3287 Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

SSCMS 安全漏洞

SSCMS SiteServerCMS is a content management system from China's Bailong Qianwei SSCMS company. A security vulnerability exists in SSCMS SiteServerCMS v7.3.1, which originates from a directory traversal vulnerability in the component /stl/actions/download?filePath...

CVE-2022-44299

SiteServerCMS 7.1.3 sscms has a file read vulnerability...

SiteServerCMS Cross-Site Scripting Vulnerability

SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-class content management system from China's SSCMS Inc. A cross-site scripting vulnerability exists in SiteServerCMS version 7.2.2, which stems from a cross-site scripting XSS vulnerability in the Material Management componen...

SiteServerCMS 安全漏洞

SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...

SiteServer CMS 代码问题漏洞

SiteServer CMS is an open-source content management system CMS from China's BioRenewable Software Technology Development Corporation. A security vulnerability exists in SiteServer CMS prior to version V5.1, which is caused by the unrestricted upload of a dangerous type of file getshell that can b...

CVE-2022-28118

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in...

SQL Injection Vulnerability in SiteServer CMS of Beijing Baiyong Qianwei Software Technology Development Co.

SiteServer CMS is a CMS content management system. A SQL injection vulnerability exists in SiteServer CMS of Beijing Baiyongqianwu Software Technology Development Co., Ltd, which can be exploited by attackers to obtain sensitive information from the database...

Arbitrary File Read Vulnerability in SiteServerCMS

SiteServerCMS is a content management system developed by Beijing Baiyong Qianwei Software Technology Development Co. SiteServerCMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive system information...

CraftedWeb Cross-Site Scripting Vulnerability

CraftedWeb is a CMS Content Management System for game servers. A cross-site scripting vulnerability exists in the aaspincludes/pages/notice.php file in versions of CraftedWeb prior to 2013-09-24. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'e'...

Arbitrary File Write Vulnerability in SiteServer CMS Backend

SiteServer CMS is a website content management system developed by Beijing Billion Software Technology Development Co., Ltd. and is widely used in state ministries, group companies and large-scale portal sites. The information collection function in the management background of SiteServer CMS doe...

CVE-2007-0846

Cross-site scripting XSS vulnerability in forum.php in Open Tibia Server CMS OTSCMS 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in forum.php in Open Tibia Server CMS OTSCMS 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...

CVE-2007-0847

Open Tibia Server CMS (OTSCMS) up to version 2.1.5 is affected by a SQL injection in mod/PM/reply.php, exploitable via the id parameter to priv.php. This allows remote attackers to execute arbitrary SQL commands. The affected component is the web-based CMS for OTSCMS; root cause is improper handl...

CVE-2007-0846

CVE-2007-0846 is an XSS vulnerability in Open Tibia Server CMS (OTSCMS) ≤ 2.1.5, exploitable via the name parameter in forum.php. The underlying issue is improper input handling that allows arbitrary HTML/script injection, enabling an attacker to influence pages viewed by other users. The CVSS ba...