18 matches found
EUVD-2025-25271
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization due to improper handling of the comliferayusersadminwebportletUsersAdminPortletassetTagNames parameter, allowing remote authenticated attackers to inject JavaScript...
CVE-2025-43741
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
Cross-site Scripting (XSS)
Overview com.liferay:com.liferay.asset.taglib is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the assetTagNames parameter. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a maliciou...
GHSA-J6P8-G3RJ-GHPM Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
CVE-2025-43741
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
CVE-2025-43741
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
CVE-2025-43741
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
CVE-2025-43741
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...
PT-2025-34040 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.14 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
SUSE CVE-2011-4346
Cross-site scripting XSS vulnerability in the web interface in Red Hat Network RHN Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page...
CSV Injection in CSV files generated by the backend
Description Formula Elements are not sanitized before adding to CSV reports. This leads to CSV formula injection. Proof of Concept Steps to reproduce: 1. Log in to Snipe-IT & create a new Asset with arbitrary values. For the Asset Tag enter =1+1 Screenshot 1 2. Got to Reports - Custom Asset Repor...
Cross-site Scripting (XSS) - Generic in snipe/snipe-it
Description XSS in bulk audit function via the asset tag parameter Proof of Concept 1: Go to http:///hardware/bulkaudit feature 2: Use alertdocument.domain as "Asset Tag" parameter 3: Click "Audit", the XSS should be triggered via the message Asset Tag ASSETTAG not found. Impact This vulnerabilit...
CVE-2011-4346
Cross-site scripting XSS vulnerability in the web interface in Red Hat Network RHN Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page...
CVE-2011-4346
CVE-2011-4346 corresponds to an XSS flaw in the web interface of Red Hat Network Satellite 5.4.1. An authenticated RHN Satellite user could inject arbitrary script/HTML via the Description field of the asset tag in a Custom Info page. The issue is documented across multiple sources (RHSA-2011:179...
PT-2011-4937 · Red Hat · Red Hat Network Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Network RHN Satellite version 5.4.1 Description: A cross-site scripting XSS issue exists in the web interface, allowing remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a...
satellite: XSS flaw in custom system information key handling
Cross-site scripting XSS vulnerability in the web interface in Red Hat Network RHN Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page...