Zencart | Information disclosure via HTML injection
HTML injection in product category name leads to information disclosure in Zencart 2.1.0
Posted on: May 24, 2025 06:06 AM
Zencart | RCE via SQL query executor file upload
The [/zencart/Horse-Kgc-fRizz/index.php?cmd=sqlpatch] endpoint allows admins to run SQL queries. This feature was created to let developers manually configure or modify the database, but there is a problem: it also allows you to write files, including PHP shells, and then access them, which results in RCE. This is possible because secure_file_priv is not set, creating a critical security issue.
Posted on: May 24, 2025 06:03 AM
Zencart | Stored XSS on adding products via SVG image
Zencart allows inserting images from a link. SVG images are blacklisted by default in Zencart: if you try to upload an SVG file you will get errors, but you can still insert an SVG file through CKEditor's “Insert image from URL” functionality.
Posted on: May 24, 2025 05:58 AM
Zencart | Stored XSS on Page Editor
Zencart has an interesting feature that allows administrators to change the text editor used across the website for editing pages or products, offering a choice between a “Plain text” editor and “CKEditor”. The problem is that when you choose the plain text editor for modifying pages, you can still inject HTML and JavaScript code, which should not be possible.
Posted on: May 24, 2025 05:53 AM
Open Journal System | Misconfiguration allows Guest Editor to read declined article submissions
In OJS 3.4, the “Articles Report” plugin is installed by default. This plugin allows a logged-in user with the “Guest Editor” role to export an articles report. The plugin is not visible in the interface to a “Guest Editor”, but a Guest Editor can access it anyway due to improper access controls.
Posted on: May 24, 2025 05:07 AM
Open Journal System | Arbitrary Code Execution as Journal Manager
In most content management systems, a plugin’s code isn’t executed until it’s explicitly enabled or otherwise triggered. However, in OJS, it appears that once a plugin is uploaded, it runs immediately, allowing someone to upload a malicious plugin and execute its code without ever enabling it.
Posted on: May 24, 2025 05:01 AM
Contao CMS | XSS via base64 encoded img tag
In Contao, any editor can edit the contents of an article. Although filters are in place to protect against JavaScript and only a limited set of HTML tags is allowed, these protections can still be bypassed by using an img tag that loads a base64-encoded SVG image.
Posted on: May 24, 2025 04:10 AM
Contao CMS | Authenticated Remote Command Execution
Contao version 5.2.2 exposes to backend administrator users, or anyone with template editor privileges, a .html5 page that actually contains PHP code. At first glance this seems like an HTML file, but upon opening it for editing it turns out to contain PHP code and can be modified to perform command execution on the server. This file acts like a backdoor that allows an administrator to escalate privileges and take over the server.
Posted on: May 24, 2025 04:06 AM
Contao CMS | Stored XSS via SVG file upload
Contao version 5.2.2 allows all backend users with file upload permissions to upload SVG files. There are no filters in place to protect against JavaScript inside SVG files, which allows us to embed malicious JavaScript code and run it. Although we don't have access to document.cookie, we can still force a malicious file download onto the user's computer.
Posted on: May 24, 2025 04:01 AM
OnlyOffice Community Server | Stored XSS via embedding iframe in comment
In OnlyOffice, users can create projects and add comments. While HTML input is permitted, it also allows embedding an iframe that can contain JavaScript, leading to an XSS vulnerability. The XSS payload does not live in OnlyOffice itself; instead, JavaScript from any malicious site can be loaded into OnlyOffice through iframe tags.
Posted on: May 24, 2025 03:04 AM
OnlyOffice Community Server | Stored XSS via embedding SVG in comment
In OnlyOffice, users can create projects and add comments. While HTML input is permitted, it also allows embedding SVG images that can contain JavaScript, leading to an XSS vulnerability.
Posted on: May 24, 2025 03:00 AM
NukeViet | Internal File Read
A malicious attacker with very limited site moderation privileges can exploit this vulnerability by uploading internal files such as archives or documents into NukeViet, then downloading them to their own machine and accessing them.
Posted on: May 24, 2025 02:28 AM
AnqiCMS | XSS via SVG image upload
AnqiCMS allows logged-in admins to upload files through the [/system/archive/attachment] endpoint. Files that are uploaded here can be shown anywhere else on the site to both users and admins.
Posted on: May 24, 2025 02:16 AM
AnqiCMS | Multiple XSS vulnerabilities via document text editor
AnqiCMS uses a text editor for creating pages, and all of the page-editing endpoints are vulnerable to XSS because they share the same editing component. At first it seems that authenticated moderators should be allowed to make these modifications, but these pages are designed for editing text, not for adding JavaScript.
Posted on: May 24, 2025 02:12 AM
Lemon OS | Remote stack overflow
This report details a stack overflow vulnerability in the steal HTTP client (the curl equivalent for LemonOS). The vulnerability arises from the use of a variable-length array (VLA) in the HTTPGet function.
Posted on: May 23, 2025 01:10 AM
Typo3 | Unrestricted File Upload in File Abstraction Layer
TYPO3 allows site editors with filelist permissions to upload .exe files despite restrictions. These files can then be served directly to users, making the application a potential malware distribution platform.
Posted on: May 22, 2025 10:39 PM
Apache Answer | Privacy leak & user information disclosure
Disclosure of a privacy leak and user information disclosure vulnerability in Apache Answer.
Posted on: April 11, 2025 11:47 AM
EasyAppointments 1.5.0 | Stored XSS leads to account takeover
Disclosure of a stored XSS vulnerability in EasyAppointments that resulted in account takeover.
Posted on: January 11, 2025 12:06 AM
EasyAppointments 1.5.0 | Admin Login bruteforce rate limit bypass
Disclosure of an admin bruteforce vulnerability in EasyAppointments CMS.
Posted on: January 10, 2025 11:58 PM
Vvveb 1.0.5 | Stored site-wide silent XSS
Disclosure of a stored site-wide XSS affecting navigation menu in Vvveb.
Posted on: January 10, 2025 11:28 PM
Vvveb 1.0.5 | Internal file read via drag-and-drop editor
Disclosure of an internal file read vulnerability via drag-and-drop editor in Vvveb.
Posted on: January 10, 2025 11:22 PM
Vvveb 1.0.5 | Authenticated SSRF port scanning as an editor
Disclosure of an internal SSRF vulnerability in Vvveb that facilitates internal data disclosure.
Posted on: January 10, 2025 10:59 PM
Vvveb 1.0.5 | Non-validated Theme Editing Allows Privilege Abuse and RCE
Disclosure of a Remote Code Execution vulnerability via non-validated theme editor in Vvveb.
Posted on: January 10, 2025 10:55 PM
Vvveb 1.0.5 | Authenticated Stored XSS on uploading image in posts & pages
Disclosure of stored XSS via malicious SVG affecting posts and pages in Vvveb CMS.
Posted on: January 10, 2025 10:48 PM
Vvveb 1.0.5 | Authenticated Stored XSS on creating posts & pages
Disclosure of stored XSS affecting posts and pages in Vvveb CMS.
Posted on: January 10, 2025 10:36 PM
Vvveb 1.0.5 | User account bruteforce
Disclosure of user login bruteforce vulnerability in Vvveb CMS.
Posted on: January 10, 2025 09:25 PM
Vvveb 1.0.5 | Admin password bruteforce
Disclosure of admin login bruteforce vulnerability in Vvveb CMS.
Posted on: January 10, 2025 09:17 PM
Fuel CMS 1.5.2 | Stored XSS in block preview
Disclosure of stored XSS vulnerability in Fuel CMS.
Posted on: January 10, 2025 08:29 PM
ezBookkeeping 0.7.0 | 2FA backup code bruteforce
Disclosure of login OTP bruteforce vulnerability in ezBookkeeping web app.
Posted on: January 01, 2025 10:36 AM
ezBookkeeping 0.7.0 | Login Bruteforce
Disclosure of login bruteforce vulnerability in ezBookkeeping web app.
Posted on: January 01, 2025 10:03 AM