PT-2026-39198
Name of the Vulnerable Software and Affected Versions: Emlog versions prior to 2.6.11. Description: Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor...
EUVD-2026-0752
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
EUVD-2024-40451
Malicious code in bioql PyPI...
CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...
115cms Code Injection Vulnerability
115cms is a multi-module intelligent website building system of Guizhou Forxin Technology 115cms Company in China. 115cms suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web pages for execution in other users' browsers...
CVE-2024-43793 Halo's editor has a stored XSS vulnerability
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a...
CVE-2024-43792
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a...
Authentication flaw
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y...
CVE-2024-1817 Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y...
CVE-2024-1817
The CVE-2024-1817 entry concerns Demososo DM Enterprise Website Building System (versions up to 2022.8) with a Cookie Handler flaw in function dmlogin (indexDM_load.php). The root cause is improper authentication due to manipulating the is_admin argument (input y), allowing remote exploitation. P...
Demososo DM Enterprise Website Building System License Issues Vulnerability
Demososo DM Enterprise Website Building System is a website building system of Demososo Inc. An authorization issue vulnerability exists in Demososo DM Enterprise Website Building System version 2022.8 and earlier, which stems from a security issue in the dmlogin function of indexDM_load.php in the compone...
ForU CMS SQL Injection Vulnerability
ForU CMS is an open source website building system from ForU. ForU CMS 2020-06-23 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-10000241)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager URL Redirection Vulnerability (CNVD-2023-45911)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A URL...
Beijing UpCloud Technology Development Co., Ltd. website building system has SQL injection vulnerability
Beijing UpCloud Technology Development Co., Ltd. was established on July 30, 2009. The company's business scope includes: technology promotion services; economic trade consulting; computer graphic design; advertising design, production; enterprise planning; software development, etc. Ltd. has a S...
File upload vulnerability exists in the website building system of Hangzhou Bocai Network Technology Co., Ltd.
Hangzhou Bocai Network Technology Co., Ltd. is an innovative company that provides comprehensive digital services including strategy consulting, visual design, technology development, content manufacturing and marketing. There is a file upload vulnerability in the website building system of Hangzhou Bocai Network Technology Co...
SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-41797)
Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...
SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-25679)
Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...
Magnolia CMS has an unspecified vulnerability (CNVD-2022-13382)
Magnolia CMS is an application of the Swiss company Magnolia. Magnolia CMS, a website building framework, contains a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted YAML file...