7 matches found

Github Security Blog
added 2025/08/19 9:30 p.m., 3 views

Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter

A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via the _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...

5.4 CVSS, 5.7 AI score, 0.00044 EPSS
Exploits 0, References 5, Affected Software 1
Snyk
added 2024/10/22 6:32 p.m., 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the getExcludedPathsJSONArray function, which is populated by the p_l_back_url parameter in the content page editor. An attacker can perform administrative actions, execute arbitrary code, and alter user...

8.8 CVSS, 7.4 AI score, 0.06126 EPSS
Exploits 0, References 2
Snyk
added 2024/10/22 6:32 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the render function used by the My Account widget. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a link including a...

8.8 CVSS, 7.4 AI score, 0.02193 EPSS
Exploits 0, References 2
Github Security Blog
added 2023/06/15 6:30 a.m., 3 views

Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...

8.8 CVSS, 8.8 AI score, 0.01433 EPSS
Exploits 0, References 3, Affected Software 2
Snyk
added 2023/06/15 6:30 a.m., 1 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration of the Layout module. An attacker can cause users to be redirected to arbitrary external URLs by tricking them into clickin...

6.1 CVSS, 7 AI score, 0.00403 EPSS
Exploits 0, References 2
OSV
added 2019/04/09 9:29 p.m., 0 views

CVE-2018-1356

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the backurl parameter in the file scan component...

6.1 CVSS, 5.9 AI score
Exploits 0, References 2
Zero Day Initiative
added 2010/12/26 12:0 a.m., 9 views

Novell iPrint Client Netscape Plugin call-back-url Parameter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint client. When assembling a URL using the...

9 CVSS, 7.9 AI score
Exploits 0, References 1