Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog cms vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
No-cms Project No-cms 1.1.3
7.2
CVSSv3
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote malicious users to run arbitrary code via rich text editor on /admin/main/mod-blog page.
Balero Cms Project Balero Cms 0.8.3
6.1
CVSSv3
CVE-2018-7274
Yab Quarx up to and including 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
Quarx Cms Project Quarx Cms
NA
CVE-2012-1208
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error paramete...
Fork-cms Fork Cms 3.2.4
2 EDB exploits
NA
CVE-2009-4783
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote malicious users to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.
Mntechsolutions Theeta Cms 0.01
Mntechsolutions Theeta Cms 0.0
1 EDB exploit
9.6
CVSSv3
CVE-2022-4354
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. T...
Pb-cms Project Pb-cms 2.0
9.8
CVSSv3
CVE-2022-2740
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attac...
Company Website Cms Project Company Website Cms -
NA
CVE-2009-4782
Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote malicious users to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum....
Mntechsolutions Theeta Cms 0.01
Mntechsolutions Theeta Cms 0.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
5.4
CVSSv3
CVE-2018-7035
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source ...
Gleezcms Gleez Cms 2.0
Gleezcms Gleez Cms 1.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »