25 matches found

RedhatCVE
added 2025/08/21 6:20 p.m. · 2 views

CVE-2025-43737

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...

CVSS 5.1 · AI score 5.7 · EPSS 0.00044
Exploits: 0 · References: 1

OSV
added 2025/08/19 9:30 p.m. · 2 views

GHSA-VJWR-CQWF-6Q96 Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...

CVSS 5.1 · AI score 5.1 · EPSS 0.00044
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/23 10:17 a.m. · 5 views

CVE-2024-30929

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...

CVSS 8 · AI score 7.3 · EPSS 0.00535
Exploits: 2 · References: 1

CNNVD
added 2024/04/18 12:00 a.m. · 2 views

DerbyNet Security Vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...

CVSS 8 · AI score 6.4 · EPSS 0.00535
Exploits: 2 · References: 2

OSV
added 2024/04/10 7:15 p.m. · 1 view

CVE-2024-28344

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...

CVSS 3.1 · AI score 5.8 · EPSS 0.00111
Exploits: 2 · References: 1

Positive Technologies
added 2024/04/06 12:00 a.m. · 2 views

PT-2024-23679 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below
Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability.
Recommendations: For DerbyNet versions 9.0 and below,...

CVSS 8 · AI score 7.5 · EPSS 0.00535
Exploits: 2 · References: 5

ATTACKERKB
added 2023/06/23 3:15 p.m. · 2 views

CVE-2023-36289

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

CVSS 6.1 · AI score 6.4 · EPSS 0.23724
Exploits: 1 · References: 3

CNNVD
added 2023/06/23 12:00 a.m. · 3 views

Webkul QloApps Cross-Site Scripting Vulnerability

Webkul QloApps is a free and open source hotel reservation and online booking system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a cross-site scripting (XSS) vulnerability. An attacker can use this vulnerability to obtain a user's session cookie and then emula...

CVSS 6.1 · AI score 5.9 · EPSS 0.23724
Exploits: 1 · References: 2

Positive Technologies
added 2023/06/15 12:00 a.m. · 2 views

PT-2023-25102 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.76; Liferay DXP 7.4 update 70 through 76
Description: A cross-site request forgery (CSRF) issue in the Layout module's SEO configuration allows remote attackers to execute arbitrary code in the...

CVSS 8.8 · AI score 8.7 · EPSS 0.01433
Exploits: 0 · References: 6

CNNVD
added 2023/05/11 12:00 a.m. · 3 views

Webkil QloApps Cross-Site Scripting Vulnerability

Webkil QloApps is free open source hotel booking and online reservation system. A security vulnerability exists in Webkil QloApps version v.1.5.2. An attacker exploits the vulnerability to obtain sensitive information via the back and emailcreate parameters in the AuthController.php file...

CVSS 6.1 · AI score 6.2 · EPSS 0.78127
Exploits: 5 · References: 7

Positive Technologies
added 2023/05/11 12:00 a.m. · 3 views

PT-2023-22606 · Webkil · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkil QloApps version 1.5.2
Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the back and email create parameters in the AuthController.php file.
Recommendations: For Webkil QloApps versi...

CVSS 6.1 · AI score 6.4 · EPSS 0.78127
Exploits: 5 · References: 10

Snyk
added 2023/04/20 9:28 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: pay is a package for processing payments in Ruby on Rails apps. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the back parameter on a Stripe payment page.
Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” ...

CVSS 7.1 · AI score 5.3 · EPSS 0.00668
Exploits: 0 · References: 2

Github Security Blog
added 2023/04/20 9:28 p.m. · 15 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact: A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

CVSS 7.1 · AI score 5.7 · EPSS 0.00668
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2023/04/19 12:00 a.m. · 3 views

PT-2023-22811 · Pay · Pay

Name of the Vulnerable Software and Affected Versions: Pay versions prior to 6.3.2
Description: A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay...

CVSS 7.1 · AI score 6 · EPSS 0.00668
Exploits: 0 · References: 11

GithubExploit
added 2023/04/10 4:02 p.m. · 4 views

Exploit for Cross-site Scripting in Webkul Qloapps

Webkul Qloapps 1.5.2 - Cross-Site Scripting XSS Webkul QloAp...

CVSS 6.1 · AI score 6.7 · EPSS 0.78127
Exploits: 5

CNVD
added 2020/04/21 12:00 a.m. · 2 views

PrestaShop cross-site scripting vulnerability (CNVD-2020-25944)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in the 'back' parameter in PrestaShop...

CVSS 6.1 · AI score 6.4 · EPSS 0.00218
Exploits: 0 · References: 1

CNVD
added 2020/04/21 12:00 a.m. · 3 views

PrestaShop Input Validation Error Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. An input validation error vulnerability exists in the 'back' parameter in PrestaShop...

CVSS 6.1 · AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 1

OSV
added 2020/04/20 5:15 p.m. · 8 views

CVE-2020-5285

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with back parameter. The problem is fixed in 1.7.6.5...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2

CNVD
added 2018/09/03 12:00 a.m. · 0 views

PHPOK Cross-Site Scripting Vulnerability

PHPOK is an enterprise building system that supports expansion. A cross-site scripting vulnerability exists in the framework/www/logincontrol.php file in PHPOK version 4.8.278. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML e.g., changing cookies with t...

CVSS 6.1 · AI score 5.9 · EPSS 0.0024
Exploits: 1 · References: 1

OSV
added 2018/08/30 5:29 a.m. · 1 view

CVE-2018-16142

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/logincontrol.php via the back parameter to the okf function...

CVSS 6.1 · AI score 5.8 · EPSS 0.0024
Exploits: 1 · References: 1