CVE-2020-20781
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...
CVE-2020-20129
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
CVE-2020-20131
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module...
CVE-2020-20129
CVE-2020-20129 concerns LaraCMS v1.0.1, which has a stored cross-site scripting (XSS) vulnerability in the content editor that allows attackers to execute arbitrary web scripts or HTML via crafted payloads. The connected documents corroborate a stored XSS weakness across multiple sources (CNVD, O...
Monstra CMS code issue vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) from the Ukrainian individual developer Sergey Romanenko. A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...
CVE-2021-34636
The CVE-2021-34636 entry concerns the Countdown and CountUp, WooCommerce Sales Timers WordPress plugin. A missing nonce check in the save_theme function (~/includes/admin/coundown_theme_page.php) enables CSRF, allowing injection of arbitrary scripts (stored XSS) in versions up to 1.5.7. Connected...
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
CVE-2020-20695
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
Cross site scripting
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
CVE-2020-20696
GilaCMS v1.11.4 contains a cross-site scripting (XSS) vulnerability in the /admin/content/post endpoint, exposed via a crafted payload in the Tags field. The issue is described as an XSS allowing execution of arbitrary web scripts or HTML, as stated in multiple connected sources referencing CVE-2...
CVE-2020-20691
Monstra CMS v3.0.4 is reported vulnerable to arbitrary script/HTML execution by bypassing the file-extension filter and uploading crafted HTML files. The CVE-2020-20691 entry notes that an attacker can leverage this to execute web scripts or HTML, without requiring authentication; exact exploit v...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-90911)
YzmCMS is a lightweight open source content management system based on a PHP and MySQL architecture, developed solely by Yuan Zhimeng. A cross-site scripting vulnerability exists in the /banner/add.html component of YzmCMS version 5.3. An attacker can exploit this vulnerability to execute arbitrary Web...
Mattermost Cross-Site Scripting Vulnerability (CNVD-2022-25230)
Mattermost is an open source collaboration platform from Mattermost, Inc. A security vulnerability exists in Mattermost 5.38 and earlier versions, which stems from the application's failure to adequately clean up clipboard content and could be exploited to inject arbitrary Web scripts into produc...
CVE-2020-19950
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19949
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...