26 matches found
CVE-2024-36775
Monstra CMS 3.0.4 is affected by an XSS vulnerability in the Edit Profile page, where crafted payloads placed into the About Me field can execute arbitrary web scripts/HTML. The issue stems from reflecting or injecting content via the About Me parameter, enabling potential code execution in the c...
Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) Vulnerability
Exploit Title: Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated); Exploit Author: Steffen Rogge; Vendor Homepage: https://github.com/ethercreative/logs; Software Link: https://plugins.craftcms.com/logs; Version: =3.0.4; impact: Medium; found: 2021-07-06; SEC Consult Vulnerability Lab An...
CVE-2023-34447 iTop XSS vulnerability on pages/UI.php
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on pages/UI.php, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0...
XMLTooling Library Incorrectly Handles Some Exceptions
The XMLTooling library, in all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edittemplate&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file...
Remote code execution
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edittemplate&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file...
CVE-2021-36548
Monstra CMS v3.0.4 contains a remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog, allowing attackers to execute arbitrary commands via a crafted PHP file.
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...
CVE-2020-18455
A Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php...
CVE-2020-18455
CVE-2020-18455 affects bycms v3.0.4, with an XSS vulnerability in the edit(Document.php) function via the title parameter. The connected sources confirm the vulnerable component and entry details; no patch/version remediation information is provided in the supplied documents. Exploitation details...
CVE-2020-24963
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4...
CVE-2019-9628
The XMLTooling library, in all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
Design/Logic Flaw
The XMLTooling library, in all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
CVE-2018-16978
Monstra CMS 3.0.4 is affected by CVE-2018-16978, a Cross-Site Scripting (XSS) flaw in the registration form (users/registration) triggered by a crafted password parameter. Public references describe it as an XSS threat via the password field, enabling arbitrary script execution in the victim’s br...