20 matches found
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
EUVD-2024-44459
Malicious code in bioql PyPI...
CVE-2025-8739
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739 zhenfeng13 My-Blog save cross-site request forgery
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
PT-2025-32411 · Myblog · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions up to 1.0.0 Description: A cross-site request forgery issue exists due to the manipulation of the tagName argument in the processing of the /admin/tags/save API endpoint. The attack can be initiated remotely. The...
My-Blog security vulnerability
My-Blog is a Java blog system built by the individual developer ZHENFENG13 with SpringBoot, Mybatis, Thymeleaf and other technologies, offering attractive pages, a full feature set, easy deployment and polished code. A security vulnerability exists in My-Blog 1.0.0 and earlier versions, which stems from a cross-si...
CVE-2024-4891
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4891
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Essential Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-4158
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
WordPress plugin Blocksy security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-4158
CVE-2024-4158: Blocksy Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the tagName parameter in Blocksy versions up to 2.0.42 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; successful inje...
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
SQL injection
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
Kentico SQL injection vulnerability
Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...
CVE-2018-19551
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php...
SQL injection
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter...
CVE-2008-6091
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter...