CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payload
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScrip
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a craft
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG ed
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malic
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploi
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.
Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to th
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browse
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only de
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with vali
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerabil
Page 1+ Next →