12 matches found

Snyk
added 2026/03/23 8:37 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...

CVSS 8.6 · AI score 5.9 · EPSS 0.00049
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/23 7:13 p.m. · 0 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tagdelete.php), improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

CVSS 8.6 · AI score 6 · EPSS 0.00049
Exploits: 0 · References: 3
Positive Technologies
added 2026/03/23 12:0 a.m. · 1 views

PT-2026-27182

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions prior to 2.28.1 Description: Mantis Bug Tracker is an open source issue tracker. A flaw exists in version 2.28.0 where improper escaping of a tag name during the display of a confirmation message when deleting a tag...

CVSS 8.6 · AI score 6 · EPSS 0.00049
Exploits: 0 · References: 7
OSV
added 2023/12/05 3:30 p.m. · 3 views

GHSA-W492-7G9M-J2WW Cross-Site Request Forgery in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete...

CVSS 8.8 · AI score 7.2 · EPSS 0.00268
Exploits: 1 · References: 3
ATTACKERKB
added 2023/12/05 3:15 p.m. · 0 views

CVE-2023-49376

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete...

CVSS 8.8 · AI score 5.8 · EPSS 0.00268
Exploits: 1 · References: 2
OSV
added 2023/12/05 3:15 p.m. · 12 views

CVE-2023-49376

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete...

CVSS 8.8 · AI score 8.9
Exploits: 0 · References: 1
NVD
added 2023/12/05 3:15 p.m. · 8 views

CVE-2023-49376

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete...

CVSS 8.8 · EPSS 0.00268
Exploits: 1 · References: 1
Positive Technologies
added 2023/12/05 12:0 a.m. · 1 views

PT-2023-31190 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery (CSRF) issue was found in JFinalCMS. The vulnerability can be exploited via the /admin/tag/delete API endpoint. Recommendations: For JFinalCMS version 5.0.0, as a temporary...

CVSS 8.8 · AI score 8.6 · EPSS 0.00268
Exploits: 1 · References: 7
CNNVD
added 2023/12/05 12:0 a.m. · 1 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by heyewei, an individual developer. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/tag/delete component...

CVSS 8.8 · AI score 8.4 · EPSS 0.00268
Exploits: 1 · References: 1
Cvelist
added 2023/12/05 12:0 a.m. · 13 views

CVE-2023-49376

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete...

AI score 9.1 · EPSS 0.00268
Exploits: 1 · References: 1
CNVD
added 2022/10/20 12:0 a.m. · 18 views

OpenCats SQL Injection Vulnerability (CNVD-2022-70574)

OpenCats is an open source recruitment process management system. OpenCats v0.9.6 suffers from a SQL injection vulnerability that stems from a security issue with the tagid variable in the tag delete function. No detailed vulnerability details are provided at this time...

CVSS 6.5 · AI score 6.7 · EPSS 0.00279
Exploits: 2 · References: 1
CNNVD
added 2022/10/19 12:0 a.m. · 3 views

OpenCats SQL Injection Vulnerability

OpenCats is an open source recruitment process management system. OpenCats v0.9.6 suffers from a SQL injection vulnerability that stems from a security issue with the tagid variable in the tag delete function. No detailed vulnerability details are provided at this time...

CVSS 6.5 · AI score 7.8 · EPSS 0.00279
Exploits: 2 · References: 2