8 matches found
BIT-DISCOURSE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the...
CVE-2023-53978
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement titl...
📄 bludit 3.16.2 Directory Traversal
bludit version 3.16.2 suffers from a directory traversal vulnerability. Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" 1: Step...
Exploit for Cross-site Scripting in Martinbarker Rendertune
RenderTune RCE A Proof-Of-Concept for CVE-2024-25292 vulnerab...
CVE-2023-44758
GDidees CMS 3.0 is affected by a Cross-Site Scripting XSS vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
Notable 安全漏洞
Notable is a Markdown-based note-taking software with cross-platform support from the individual developers of Notable. A security vulnerability exists in Notable version 1.8.4, which stems from unfiltered text editing and allows an attacker to execute arbitrary code via a crafted payload injecte...
Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title
The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 Creat...