CVE-2022-26565
https://notcve.org/view.php?id=CVE-2022-26565
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. Una vulnerabilidad de cross-site scripting (XSS) en Totaljs todas las versiones antes del commit 95f54a5commit, permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload crafteado inyectado en el campo de texto Page Name al crear una nueva página • https://bug.pocas.kr/2022/03/01/2022-03-05-CVE-2022-26565 https://github.com/totaljs/cms/issues/35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-25197
https://notcve.org/view.php?id=CVE-2021-25197
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php Una vulnerabilidad de tipo Cross-site scripting (XSS) en SourceCodester Content Management System versión v1.0, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro search en el archivo content_management_system\admin\new_content.php • https://github.com/TCSWT/Content-Management-System/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2217 – Content Management System for Phprojekt 0.6.1 - File Disclosure
https://notcve.org/view.php?id=CVE-2008-2217
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter. Vulnerabilidad de salto de directorio en cm/graphie.php de Content Management System 0.6.1 para Phprojekt; permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante un .. (punto punto) en el parámetro cm_imgpath. • https://www.exploit-db.com/exploits/5510 http://www.securityfocus.com/bid/28958 https://exchange.xforce.ibmcloud.com/vulnerabilities/42510 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-4365
https://notcve.org/view.php?id=CVE-2007-4365
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en eXV2 CMS 2.0.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una cookie set_lang para un componente no especificado. NOTA: esto podría solaparse con CVE-2007-1965. • http://osvdb.org/36479 http://securityreason.com/securityalert/3021 http://www.i-s-o.org/security.txt http://www.securityfocus.com/archive/1/476287/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35992 •
CVE-2007-1966
https://notcve.org/view.php?id=CVE-2007-1966
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. Vulnerabilidad de fijación de sesión en eXV2 CMS 2.0.4.3 y anteriores permite a atacantes remotos secuestrar sesiones web estableciendo la cookie PHPSESSID. • http://marc.info/?l=bugtraq&m=117570977117962&w=2 http://www.majorsecurity.de/index_2.php?major_rls=major_rls38 • CWE-287: Improper Authentication •