5 matches found
CVE-2024-4752
The CVE-2024-4752 vulnerability affects the EventON WordPress plugin, specifically versions prior to 2.2.15. The root cause is that the plugin does not sanitise and escape certain settings, which can enable Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., administrators). This ris...
GHSA-8V7H-CPC2-R8JP October CMS upload process vulnerable to RCE via Race Condition
Impact: This advisory affects plugins that expose the October\Rain\Database\Attach\File::fromData as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. When the developer allow...
October CMS upload process vulnerable to RCE via Race Condition
Impact: This advisory affects plugins that expose the October\Rain\Database\Attach\File::fromData as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. When the developer allow...
CVE-2022-23907
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage...
CVE-2022-23907
CMS Made Simple v2.2.15 is affected by a reflected XSS via the m1_fmmessage parameter. The vulnerability is documented across multiple sources (e.g., CVE-2022-23907) and is described as a reflected XSS that could cause client-side JavaScript execution. The linked Red Hat/CVE info corroborates the...