Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the C
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a craft
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulat
Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ pa
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService
A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/comm
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. Th
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulatio
A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to be
Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipula
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail
Page 1+ Next →