PT-2025-50213
Name of the Vulnerable Software and Affected Versions: Coohom SaaS Platform version 1760060603897 2025-10-28. Description: A stored Cross-Site Scripting (XSS) issue exists in the Account Settings module. The issue occurs because unsanitized user input in Address fields, specifically City, State, and...
CVE-2025-65300
A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 (2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...
CVE-2025-65300
The CVE-2025-65300 entry concerns a stored XSS in the Coohom SaaS Platform, specifically in the Account Settings module for feVersion=1760060603897 (2025-10-28). The vulnerability arises from unsanitized input in Address fields (City, State, Country/Region) that is rendered back to the profile pa...
CVE-2025-12371
The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
CVE-2025-12371
CVE-2025-12371 (Nari Accountant) : The WordPress plugin Nari Accountant (versions
CVE-2025-12310
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated...
CVE-2025-12310
CVE-2025-12310 – VirtFusion : A vulnerability in VirtFusion up to 6.0.2 affects the Email Change Handler’s /account/_settings code, causing improper restriction of excessive authentication attempts (brute-force risk). Attack vector is network-based and remote; public exploit exists (PoC maturity)...
CVE-2025-12310 VirtFusion Email Change _settings excessive authentication
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated...
CVE-2025-12269
The CVE-2025-12269 entry concerns LearnHouse. A cross-site scripting (XSS) vulnerability exists in the Account Setting Page component, specifically in the file /dash/org/settings/previews. The issue is present in LearnHouse builds prior to 98dfad76aad70711a8113f6c1fdabfccf10509ca and can be trigg...
CVE-2025-62238
Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...
Liferay Portal's Membership page is vulnerable to XSS through “name” text field
Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...
EUVD-2025-33720
Liferay Portal's Membership page is vulnerable to XSS through “name” text field...
CVE-2025-62238
CVE-2025-62238 is a stored XSS vulnerability affecting Liferay Portal 7.4.3.21–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, plus 2023.Q3.1–2023.Q3.8 and 7.4 update 21–92. The issue occurs on the Membership page in Account Settings via the Account Name field, where insufficient input validation ...
PT-2025-41560
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.21 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay Portal versions 7.4 update 21 through update 92. Description: A stored cross-site...
EUVD-2018-12707
Malware in sbrugna...
EUVD-2012-1013
Malware in sbrugna...