26 matches found
EUVD-2018-21710
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...
CVE-2018-25226
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...
Codeorigin FTPShell Server 缓冲区错误漏洞
Codeorigin FTPShell Server is a security file transfer server software developed by Codeorigin Corporation. Version 6.83 of Codeorigin FTPShell Server contains a buffer overflow vulnerability. This vulnerability stems from a buffer overflow in the account name field, which could allow local...
FTP Shell Server 缓冲区错误漏洞
FTP Shell Server is a secure file transfer server software developed by FTP Shell Inc. Version 6.83 of FTP Shell Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the account name field that needs to be prevented. It may allow local attackers to...
Cross-site Scripting
com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker can inject a crafted payload into that field which is stored and later rendered...
CVE-2025-62237
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
EUVD-2025-33721
Liferay Portal Commerce is vulnerable to XSS through account "name" field...
GHSA-M4G9-5MG6-GFR3 Liferay Portal Commerce is vulnerable to XSS through account "name" field
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
Liferay Portal Commerce is vulnerable to XSS through account "name" field
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Summary of CVE-2025-62237 : A stored Cross-site Scripting (XSS) vulnerability affects Liferay Portal/MCommerce integration. The issue arises in the Commerce view order page, where input in the Account “Name” field is not properly neutralized before storage and display, enabling an attacker to inj...
CVE-2025-62238
Stored cross-site scripting XSS vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...
PT-2025-41559
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.8 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal versions 7.4 update 8 through update 92 Description A stored cross-site scriptin...
EUVD-2025-30797
Malicious code in bioql PyPI...
PT-2025-38758
Name of the Vulnerable Software and Affected Versions ARD affected versions not specified Description A Cross-Site Scripting XSS issue exists in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. Th...
CVE-2025-55888
The CVE-2025-55888 entry concerns ARD’s Ajax transaction manager endpoint, where the accountName field is not properly sanitized or encoded, causing a Cross‑Site Scripting (XSS) vulnerability. Affected component: Ajax transaction manager endpoint (ARD). Underlying cause: improper input handling i...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...