Lucene search
K

26 matches found

EUVD
EUVD
added 2026/03/30 12:32 p.m.6 views

EUVD-2018-21710

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

6.9CVSS6.1AI score0.00221EPSS
Exploits1References5
NVD
NVD
added 2026/03/30 12:16 p.m.5 views

CVE-2018-25226

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

6.9CVSS0.00221EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.11 views

Codeorigin FTPShell Server 缓冲区错误漏洞

Codeorigin FTPShell Server is a security file transfer server software developed by Codeorigin Corporation. Version 6.83 of Codeorigin FTPShell Server contains a buffer overflow vulnerability. This vulnerability stems from a buffer overflow in the account name field, which could allow local...

6.9CVSS6.1AI score0.00221EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.10 views

FTP Shell Server 缓冲区错误漏洞

FTP Shell Server is a secure file transfer server software developed by FTP Shell Inc. Version 6.83 of FTP Shell Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the account name field that needs to be prevented. It may allow local attackers to...

8.6CVSS6.5AI score0.00214EPSS
Exploits1References3
Veracode
Veracode
added 2025/10/28 12:3 p.m.5 views

Cross-site Scripting

com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker can inject a crafted payload into that field which is stored and later rendered...

5.4CVSS6.4AI score0.00205EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/11 1:5 p.m.4 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/10 3:31 p.m.5 views

EUVD-2025-33721

Liferay Portal Commerce is vulnerable to XSS through account "name" field...

4.8CVSS5.8AI score0.00205EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 3:31 p.m.3 views

GHSA-M4G9-5MG6-GFR3 Liferay Portal Commerce is vulnerable to XSS through account "name" field

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

4.8CVSS5.5AI score0.00205EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/10 3:31 p.m.7 views

Liferay Portal Commerce is vulnerable to XSS through account "name" field

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/10 1:15 p.m.4 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

5.4CVSS0.00205EPSS
Exploits0References1
OSV
OSV
added 2025/10/10 1:15 p.m.5 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

5.4CVSS5.3AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 12:51 p.m.1 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

4.8CVSS5AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/10 12:51 p.m.7 views

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

4.8CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 12:51 p.m.13 views

CVE-2025-62237

Summary of CVE-2025-62237 : A stored Cross-site Scripting (XSS) vulnerability affects Liferay Portal/MCommerce integration. The issue arises in the Commerce view order page, where input in the Account “Name” field is not properly neutralized before storage and display, enabling an attacker to inj...

5.4CVSS5AI score0.00205EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/10 12:33 p.m.3 views

CVE-2025-62238

Stored cross-site scripting XSS vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...

4.8CVSS5AI score0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.4 views

PT-2025-41559

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.8 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal versions 7.4 update 8 through update 92 Description A stored cross-site scriptin...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-30797

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00411EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.5 views

PT-2025-38758

Name of the Vulnerable Software and Affected Versions ARD affected versions not specified Description A Cross-Site Scripting XSS issue exists in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. Th...

7.3CVSS5.7AI score0.00411EPSS
Exploits1References6
CVE
CVE
added 2025/09/22 12:0 a.m.20 views

CVE-2025-55888

The CVE-2025-55888 entry concerns ARD’s Ajax transaction manager endpoint, where the accountName field is not properly sanitized or encoded, causing a Cross‑Site Scripting (XSS) vulnerability. Affected component: Ajax transaction manager endpoint (ARD). Underlying cause: improper input handling i...

7.3CVSS5.6AI score0.00411EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.6 views

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.4CVSS5.6AI score0.00521EPSS
Exploits1References1
Rows per page
Query Builder