Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in `csettings.cfc` does not properly validate anti-CSRF tokens for site bundle crea
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management o
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens for content restoration requests.
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create a
Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an uns
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTa
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore functio
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.em
MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any us
Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal pat
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when au
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token val
Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group_id parameter which can leads to a security bypass since changes
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of t
Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter alphaomega-captcha-anti-spam allows Stored XSS.This issue affects AlphaOmega Captcha & Anti-S
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lvca_admin_ajax` AJAX action in all versions up to, and including, 3.9.4 due to
A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize u
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.
Page 1+ Next →