Gitea 1.7.3 stored HTML injection (XSS)

2019-03-17 Thread Anti Räis
: 1.7.0 - 1.7.3 Tested: 1.7.2, 1.7.3 Fixed: 1.7.4 Prerequisites: edit repository settings Severity: low CVE: NA Credit: Anti Räis HTML version: https://bitflipper.eu/ Description === Gitea is a self-hosted git repository service, which is affected by

October CMS v1.0.412 several vulnerabilities

2017-04-20 Thread Anti Räis
authenticated user with media or asset management permission CVE: pending Credit: Anti Räis HTML version: https://bitflipper.eu Product === October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Description

MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi

2017-05-03 Thread Anti Räis
: attacker needs to be authenticated and with correct permissions Severity: high CVE: NA Credit: Anti Räis HTML version: https://bitflipper.eu Description === A SQL injection vulnerability was discovered in the xPDO library used by MODX Revolution 2.5.6. The

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution

2018-01-02 Thread Anti Räis
accessible /install functionality CVE: CVE-2017-1000423 Credit: Anti Räis HTML version: https://bitflipper.eu Description === Unauthenticated user with access to `/install` functionality can configure the application installation parameters and complete the installation. This