41 matches found

RedhatCVE
added 2025/10/07 10:27 a.m. · 0 views

CVE-2025-11331

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

5.8 CVSS · 4.9 AI score · 0.00588 EPSS
Exploits 1 · References 1

OSV
added 2025/10/06 10:15 a.m. · 2 views

CVE-2025-11331

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

7.2 CVSS · 5.5 AI score
Exploits 0 · References 4

Vulnrichment
added 2025/10/06 10:2 a.m. · 1 views

CVE-2025-11331 IdeaCMS Website Name Config.php command injection

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

5.8 CVSS · 6.4 AI score · 0.00588 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/06 10:2 a.m. · 3 views

EUVD-2025-32529

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

5.8 CVSS · 6.2 AI score · 0.00588 EPSS
Exploits 1 · References 5

CVE
added 2025/10/06 10:2 a.m. · 9 views

CVE-2025-11331

IdeaCMS up to version 1.8 contains a command injection in the Website Name Handler component, via the argument 网站名称 manipulated in app/common/logic/admin/Config.php. The vulnerability arises from an unknown function handling that input, enabling remote execution after exploitation. Public exploit...

7.2 CVSS · 5 AI score · 0.00588 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2025/10/06 10:2 a.m. · 7 views

CVE-2025-11331 IdeaCMS Website Name Config.php command injection

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

5.8 CVSS · 0.00588 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/10/06 12:0 a.m. · 3 views

PT-2025-40888

Name of the Vulnerable Software and Affected Versions: IdeaCMS versions up to 1.8 Description: A command injection issue exists in IdeaCMS. The issue is located in an unknown function within the app/common/logic/admin/Config.php file of the Website Name Handler component. Manipulation of the 网站名称...

7.2 CVSS · 4.8 AI score · 0.00588 EPSS
Exploits 1 · References 8

RedhatCVE
added 2025/05/23 10:33 a.m. · 6 views

CVE-2024-52702

A stored cross-site scripting XSS vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

5.4 CVSS · 5.5 AI score · 0.0101 EPSS
Exploits 1 · References 1

NVD
added 2024/11/20 9:15 p.m. · 12 views

CVE-2024-52702

A stored cross-site scripting XSS vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

5.4 CVSS · 0.0101 EPSS
Exploits 1 · References 2

OSV
added 2024/11/20 9:15 p.m. · 0 views

CVE-2024-52702

A stored cross-site scripting XSS vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2

Cvelist
added 2024/11/20 12:0 a.m. · 11 views

CVE-2024-52702

A stored cross-site scripting XSS vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

0.0101 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/11/20 12:0 a.m. · 1 views

PT-2024-35415

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: A stored cross-site scripting XSS issue exists in the component install\index.php, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. This...

5.4 CVSS · 5.5 AI score · 0.0101 EPSS
Exploits 1 · References 7

Vulnrichment
added 2024/11/20 12:0 a.m. · 9 views

CVE-2024-52702

A stored cross-site scripting XSS vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set ...

5.1 AI score · 0.0101 EPSS
Exploits 1 · References 2

OSV
added 2024/01/18 3:15 p.m. · 0 views

CVE-2024-22548

FlyCms 1.0 is vulnerable to Cross Site Scripting XSS in the system website settings website name section...

5.4 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/01/18 12:0 a.m. · 1 views

PT-2024-19480 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to Cross Site Scripting XSS in the system website settings, specifically in the website name section. This allows for potential malicious script injection. No information is provided about...

5.4 CVSS · 5.5 AI score · 0.00093 EPSS
Exploits 1 · References 6

wpexploit
added 2023/04/12 12:0 a.m. · 113 views

ChatBot < 4.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape many of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). Put the following payload in the Your Company ...

4.8 CVSS · 5.3 AI score · 0.00226 EPSS
Exploits 2

OSV
added 2022/10/07 7:15 p.m. · 0 views

CVE-2022-41392

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

5.4 CVSS · 5.9 AI score · 0.00443 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/10/07 7:15 p.m. · 2 views

CVE-2022-41392

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

5.4 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 1 · References 4

CNNVD
added 2022/10/07 12:0 a.m. · 1 views

Total Avengers Totaljs Framework cross-site scripting vulnerability

Total Avengers Totaljs Framework is a JavaScript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHP's Laravel, Python's Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...

5.4 CVSS · 6.1 AI score · 0.00443 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/10/07 12:0 a.m. · 1 views

PT-2022-25841 · Total.Js · Total.Js

Name of the Vulnerable Software and Affected Versions: TotalJS version 8c2c8909 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. Recommendations: For version...

5.4 CVSS · 5.4 AI score · 0.00443 EPSS
Exploits 1 · References 7