CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45503
https://notcve.org/view.php?id=CVE-2023-45503
15 Apr 2024 — SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. Vulnerabilidad de inyección SQL en Macrob7 Macs CMS 1.1.4f, permite ... • https://github.com/ally-petitt/CVE-2023-45503 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31816
https://notcve.org/view.php?id=CVE-2023-31816
22 May 2023 — IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. • https://github.com/TzssZ/Content-Management-System-v1.0-has-Cross-site-Scripting-XSS- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26615
https://notcve.org/view.php?id=CVE-2022-26615
05 Apr 2022 — A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. Una vulnerabilidad de tipo cross-site scripting (XSS) en College Website Content Management System versión v1.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en los campos de texto de User Profile Name • https://github.com/nsparker1337/OpenSource/blob/main/exploit_xss_cwms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36498
https://notcve.org/view.php?id=CVE-2020-36498
22 Oct 2021 — Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field. Macrob7 Macs Framework Content Management System versión 1.14f, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en la función account reset, que permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada en... • https://www.vulnerability-lab.com/get_content.php?id=2206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25197
https://notcve.org/view.php?id=CVE-2021-25197
22 Jul 2021 — Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php Una vulnerabilidad de tipo Cross-site scripting (XSS) en SourceCodester Content Management System versión v1.0, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro search en el archivo content_management_system\admin\new_content.php • https://github.com/TCSWT/Content-Management-System/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20589
https://notcve.org/view.php?id=CVE-2018-20589
30 Dec 2018 — Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Ivan Cordoba Generic Content Management System (CMS) hasta el 2018-04-28 tiene Cross-Site Scripting (XSS) mediante el ID del artículo en Administrator/add_pictures.php. • https://github.com/nabby27/CMS/pull/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20590
https://notcve.org/view.php?id=CVE-2018-20590
30 Dec 2018 — Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Ivan Cordoba Generic Content Management System (CMS) hasta el 2018-04-28 tiene Cross-Site Scripting (XSS) mediante el ID de usuario en Administrator/users.php. • https://github.com/nabby27/CMS/pull/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20568
https://notcve.org/view.php?id=CVE-2018-20568
28 Dec 2018 — Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Administrator/index.php en Ivan Cordoba Generic Content Management System (CMS) hasta el 2018-04-28 permite la inyección SQL para omitir la autenticación. • https://github.com/nabby27/CMS/pull/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20569
https://notcve.org/view.php?id=CVE-2018-20569
28 Dec 2018 — user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. user/index.php en Ivan Cordoba Generic Content Management System (CMS) hasta el 2018-04-28 permite la inyección SQL para omitir la autenticación. • https://github.com/nabby27/CMS/pull/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17796
https://notcve.org/view.php?id=CVE-2018-17796
30 Sep 2018 — An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. Se ha descubierto un problema en MRCMS (también conocido como mushroom) hasta su versión 3.1.2. El archivo WebParam.java acepta directamente el parámetro FIELD_T en una petición y lo emplea como hash de instrucciones SQL si... • https://github.com/wuweiit/mushroom/issues/16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •