25 matches found
CVE-2025-12072
The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...
CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update
The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...
CVE-2025-12072
CVE-2025-12072 concerns the WordPress plugin Disable Content Editor For Specific Template (≤ 2.0). Root cause is missing nonce validation on template configuration updates, enabling CSRF. Impact: unauthenticated attackers can induce administrators to add or delete template configurations via forg...
CVE-2025-41089
CVE-2025-41089 affects Xibo CMS v4.1.2. The vulnerability arises from insufficient validation of user input in the Templates section, specifically when an element with a Configuration Name field (e.g., Clock widget) is modified after creation. The root cause is lack of proper input validation, en...
EUVD-2017-9310
Malware in sbrugna...
EUVD-2025-32296
Malicious code in bioql PyPI...
EUVD-2025-26148
Malicious code in bioql PyPI...
EUVD-2025-22354
Malicious code in bioql PyPI...
CVE-2025-9591
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotel...
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
CVE-2025-3841
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper...
CVE-2023-42286
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload...
PT-2024-13035 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.4 Description: The issue is related to a PHP file inclusion vulnerability in the template configuration, allowing attackers to execute code or system commands through a carefully crafted malicious payload. Recommendations:...
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Haml Cross-Site Scripting Vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Cross site scripting
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...