Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
articles vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-1553
Leaking password protected articles content due to improper access control in GitHub repository publify/publify before 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidential...
Publify Project Publify
3.5
CVSSv2
CVE-2021-28002
A persistent cross-site scripting vulnerability exists in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote malicious users to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Arti...
Textpattern Textpattern 4.9.0
3.5
CVSSv2
CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote malicious users to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.
B3log Solo 2.9.3
4
CVSSv2
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
6
CVSSv2
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id paramet...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
1 EDB exploit
4.3
CVSSv2
CVE-2011-5177
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter ...
Esyndicat Esyndicat Pro 2.3.05
1 EDB exploit
3.5
CVSSv2
CVE-2021-28001
A cross-site scripting vulnerability exists in the Comments parameter in Textpattern CMS 4.8.4 which allows remote malicious users to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/article...
Textpattern Textpattern 4.8.4
4.3
CVSSv2
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote malicious users to inject arbitrary Web scripts or HTML via a carefully crafted site name in ...
B3log Solo 2.9.3
3.5
CVSSv2
CVE-2021-37393
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published ...
Rpcms Rpcms
4.3
CVSSv2
CVE-2013-2637
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM before 3.2.4, 3.1.8, and 3.0.7 and FAQ before 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Otrs Otrs Itsm
Otrs Faq
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »