CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

CVE-2025-50574

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

CVE-2025-50574

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

CVE-2025-50574

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

Liferay Mentions Web is Vulnerable to Cross-site Scripting

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

CVE-2025-62246

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

CVE-2025-62246

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

CVE-2025-62246

CVE-2025-62246 is a stored XSS in Liferay Portal 7.4.x and Liferay DXP (older and unsupported versions) due to improper sanitization of name fields in com.liferay.mentions.web; exploited when a crafted first/mmiddle/last name is rendered in widgets/apps such as page comments, blog comments, docs/...

EUVD-2020-0586

Malware in sbrugna...

EUVD-2020-1429

Malware in sbrugna...

EUVD-2021-27295

Malware in sbrugna...

EUVD-2020-4778

Malware in sbrugna...

EUVD-2025-25111

Malicious code in bioql PyPI...

EUVD-2022-5609

Malicious code in bioql PyPI...

EUVD-2022-1536

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2013-2082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which...

CVE-2023-3641

A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument commentname/commentcontent leads to cross site...

NodCMS 跨站脚本漏洞

NodCMS is a free, multi-language, simple and powerful CMS based on CodeIgniter4 by Mojtaba Individual Developers. A cross-site scripting vulnerability exists in khodakhah NodCMS version 3.4.1, which stems from the parameter commentname/commentcontent in the file /en/blog-comment-4 that leads to...

Amasty Blog 跨站脚本漏洞

Amasty Blog is a web page extension of Amasty Inc. A cross-site scripting vulnerability exists in the commenting functionality of Amasty Blog Pro version 2.10.3, which can be exploited by attackers to inject cross-site code and launch XSS attacks...

forkcms SQL Injection Vulnerability (CNVD-2022-25983)

forkcms is an application. A CMS. forkcms version 5.11.1 previously contained a SQL injection vulnerability that stemmed from a lack of validation of externally entered SQL statements in the ids parameter of blog comments. An attacker could use this vulnerability to execute illegal SQL commands t...