CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

PT-2025-41568

Name of the Vulnerable Software and Affected Versions Publii CMS version 0.46.5 build 17089 Description Publii CMS version 0.46.5 build 17089 contains a persistent Cross-Site Scripting XSS flaw. This occurs because input in configuration fields, such as “Site Description” and “Footer Follow...

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

EUVD-2025-33728

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVE-2025-60869

Publii CMS v0.46.5 (build 17089) is affected by a stored XSS in configuration fields (e.g., Site Description, Footer Follow Buttons). The issue arises from unsanitized input, allowing injected JavaScript to be stored in the project and executed in visitors’ browsers when viewing the generated sta...

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

EUVD-2025-28403

Malicious code in bioql PyPI...

EUVD-2021-29821

Malicious code in bioql PyPI...

pixelimity 注入漏洞

pixelimity is pixelimity open source a content management system . pixelimity 1.0 version of an injection vulnerability , the vulnerability stems from the file /install/index.php parameter sitedescription in the wrong operation leads to SQL injection...

CVE-2024-6941

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument sitetitle/sitesubtitle/sitekey/sitedesc/siteurl/siteemail/siteicp leads to cross site scriptin...

CVE-2021-42866

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php...

CVE-2021-42866

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php...

Cross site scripting

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php...

CVE-2021-42866

CVE-2021-42866 affects Pixelimity 1.0, a PHP-based CMS. The vulnerability is a Cross-Site Scripting flaw that originates from the Site Description field in pixelimity/admin/setting.php, due to unsafe handling of input. Public references confirm the issue across multiple feeds (NVD entry and relat...

CVE-2021-42866

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php...

Pixelimity 跨站脚本漏洞

Pixelimity is an open source PHP-based CMS Content Management System. A security vulnerability exists in Pixelimity 1.0 that originates from cross-site scripting via the site description field in pixelimity/admin/setting.php...

Cross site scripting

An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...

WeaselCMS Cross-Site Scripting Vulnerability

WeaselCMS is a lightweight content management system CMS written in PHP. A cross-site scripting vulnerability exists in WeaselCMS version 0.3.5. A remote attacker can exploit this vulnerability to execute JavaScript code via the Site Language, Site Title, Site Description, and Site Keywords field...

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

Exploit Title: iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/easycreate/demo/ Version: 3.2.1 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9236 CVE:...