Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-66c2-p8rh-qx87: baserCMS Cross-site Scripting vulnerability in Site search Feature

There is a XSS Vulnerability in Site search Feature to baserCMS. ### Target baserCMS 5.0.8 and earlier versions ### Vulnerability Malicious code may be executed in Site search Feature. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_73283159

ghsa
Open in Source
#xss#vulnerability#git
GHSA-jjxq-m8h3-4vw5: baserCMS Cross-site Scripting vulnerability in Content Management

There is a XSS Vulnerability in Content Management Feature to baserCMS. ### Target baserCMS 5.0.8 and earlier versions ### Vulnerability Malicious code may be executed in Content Management Feature. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_73283159

GHSA-pcm8-qqrp-w6qf: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

GHSA-38m8-5gfc-663g: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.

GHSA-c579-hhw5-cr3p: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.

CMS Made Simple 2.2.19 Cross Site Scripting

CMS Made Simple version 2.2.19 suffers from a persistent cross site scripting vulnerability.

SitePad 1.8.2 Cross Site Scripting

SitePad version 1.8.2 suffers from a persistent cross site scripting vulnerability.

Dotclear 2.29 Cross Site Scripting

Dotclear version 2.29 suffers from a cross site scripting vulnerability.

GHSA-8pf2-qj4v-fj64: Apache Answer Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version 1.2.5, which fixes the issue.

GHSA-w879-mxj5-c3wf: Duplicate Advisory: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57f2-8p89-66x6. This link is maintained to preserve external references. ## Original Description Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the URL parameter.