EUVD-2026-31743
Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...
CVE-2025-41044
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataPagename parameter in the /apprain/page/manage-static-pages/create process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is...
CVE-2025-41044
CVE-2025-41044 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint, specifically through the data[Page][name] parameter. Public sources consistently describe the vulnerability as cross-site ...
Tenda FH1201 Security Vulnerability
The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/fromRouteStatic that fails to correctly validate the length and size of the input data, which can be exploited by an...
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the...
OESA-2025-1271 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option...
PluXml Security Vulnerability
PluXml is a free and open source content management system that does not require a database to work. A security vulnerability exists in PluXml Blog version v5.8.9, which stems from a remote code execution vulnerability contained in a static page that can be used to execute remote code by injectin...
WordPress Static Page eXtended plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Static Page eXtended plugin version 2.1 and previous versions have a cross-site scripting...
WordPress plugin Static Page eXtended Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Static Page eXtended plugin version 2.1 and previous versions have a cross-site scripting...
WordPress Static Page eXtended plugin <= 2.1 - Arbitrary Settings Update via CSRF leading to Stored XSS
Arbitrary Settings Update via CSRF leading to Stored XSS discovered by Daniel Ruf in WordPress Static Page eXtended plugin versions <= 2.1. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full...
Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
Due to missing checks the plugin is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings PoC...
Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
Due to missing checks the plugin is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings...
Pluxml Code Injection Vulnerability
Pluxml is a free and open source content management system that does not require a database to work. A remote code execution vulnerability exists in Pluxml version v5.8.7, which can be exploited by an attacker to execute arbitrary code by inserting carefully crafted PHP code into a static page...
PluXml Code Injection Vulnerability
Pluxml is a free and open source content management system that does not require a database to work. A remote code execution vulnerability exists in Pluxml version v5.8.7, which can be exploited by an attacker to execute arbitrary code by inserting carefully crafted PHP code into a static page...
Mail.ru: unauthorized access to add admin endpoint
Access to static page within media-poll.mail.ru admin interface was not restricted. Access to static page does not grant attacker the ability to perform any actions or access any sensitive information...
LocalTapiola: Verbose error message reveals internal system hostnames, protocols and used ports (yrityspalvelu.tapiola.fi)
Issue: The reporter found an error page that contained a reference to a server name + port in the internal network. No actual vulnerability or weakness was reported. Fix: The error page was changed to a static page. Reasoning: Trivial error page injection reports will not be accepted for this domain...