Cross-site Scripting

com.liferay.commerce.order.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation and output encoding due to the Account “Name” text field accepting unneutralized input; an attacker can inject a crafted payload into that field which is stored and...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2025-55888

Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...

CVE-2025-55888

Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...

PT-2023-32272 · Codeastro · Codeastro Internet Banking System

Name of the Vulnerable Software and Affected Versions: CodeAstro Internet Banking System version 1.0 Description: A problematic issue has been found in the CodeAstro Internet Banking System, affecting the processing of the file pages view client.php. The manipulation of the acc name argument with...