A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation
Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ pa
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sit
Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary Jav
Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution i
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session coo
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of t
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /us
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated vi
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The att
A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, category
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when au
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the app
A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subjec
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into web
A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a cr