PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.
symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The man
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.
MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sit
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.
Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inje
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XS
Page 1+ Next →