HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2023-53981

Dec 27, 2025 16:58:03 UTC

PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 en...

CVE-2023-53978

Dec 27, 2025 16:58:02 UTC

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerabil...

CVE-2023-53977

Dec 27, 2025 16:58:02 UTC

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability b...

CVE-2023-53972

Dec 27, 2025 16:58:02 UTC

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques ...

CVE-2023-53953

Dec 27, 2025 16:58:01 UTC

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaS...

CVE-2023-53932

Dec 27, 2025 16:58:01 UTC

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when othe...

CVE-2023-53930

Dec 27, 2025 16:58:01 UTC

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changin...

CVE-2023-53927

Dec 27, 2025 16:58:01 UTC

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads ...

CVE-2023-53920

Dec 27, 2025 16:58:01 UTC

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title exe...

CVE-2023-53919

Dec 27, 2025 16:58:00 UTC

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox conte...

CVE-2023-53918

Dec 27, 2025 16:58:00 UTC

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execut...

CVE-2023-53916

Dec 27, 2025 16:58:00 UTC

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads inje...

CVE-2023-53915

Dec 27, 2025 16:58:00 UTC

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script...

CVE-2023-53911

Dec 27, 2025 16:57:59 UTC

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execu...

CVE-2023-53910

Dec 27, 2025 16:57:59 UTC

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests...

Page: 2