Portal Security Vulnerabilities

CVE-2022-24239

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2022-06-02 02:15 PM

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2022-06-02 02:15 PM

CVE-2022-29687

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29689

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29688

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29669

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29670

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29676

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29682

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29684

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29661

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29683

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29662

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29681

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29685

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29663

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29664

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29667

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29680

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29686

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29660

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-05-26 02:15 PM

CVE-2022-29665

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-29666

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2022-05-26 02:15 PM

CVE-2022-30843

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category,...

CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2022-05-24 03:15 PM

CVE-2022-30839

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category,...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-05-24 03:15 PM

CVE-2021-30361

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia...

CVSS 6.7 | AI Score 6.4 | EPSS 0.0004 | 2022-05-11 05:15 PM

CVE-2022-26596

Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-04-25 04:16 PM

CVE-2022-26597

Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-04-25 04:16 PM

CVE-2022-28411

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-04-21 08:15 PM

CVE-2022-28410

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-04-21 08:15 PM

CVE-2022-28030

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-04-21 08:15 PM

CVE-2022-28028

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-04-21 08:15 PM

CVE-2022-28029

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-04-21 08:15 PM

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-04-19 01:15 PM

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment...

CVSS 4.3 | AI Score 4.3 | EPSS 0.001 | 2022-04-19 01:15 PM

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | 2022-04-18 03:15 PM

CVE-2022-26594

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-04-15 04:15 PM

CVE-2022-26105

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify....

CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | 2022-04-12 05:15 PM

CVE-2022-27194

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit....

CVSS 7.5 | AI Score 7.3 | EPSS 0.002 | 2022-04-12 09:15 AM

CVE-2021-42029

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devi...

CVSS 7.8 | AI Score 7.6 | EPSS 0.0004 | 2022-04-12 09:15 AM

CVE-2022-1067

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2022-04-11 08:15 PM

CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2022-03-10 05:46 PM

CVE-2022-24395

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS)...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-03-10 05:46 PM

CVE-2022-24465

Microsoft Intune Portal for iOS Security Feature Bypass...

CVSS 3.3 | AI Score 5.2 | EPSS 0.0004 | 2022-03-09 05:15 PM

CVE-2022-23397

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no.....

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-03-04 03:15 PM

CVE-2021-38267

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-03-03 12:15 AM

CVE-2021-38265

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allows remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-03-03 12:15 AM

CVE-2022-25146

The Remote App module in Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2022-03-03 12:15 AM

CVE-2021-38269

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell....

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-03-03 12:15 AM

CVE-2021-38264

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-03-03 12:15 AM

Total number of security vulnerabilities: 1192