Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.4 views

CVE-2023-53932

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

5.4CVSS6AI score0.00205EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.4 views

CVE-2023-53932 Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

5.4CVSS5.7AI score0.00205EPSS
Exploits1References3
OSV
OSV
added 2025/12/17 10:44 p.m.3 views

CVE-2023-53932 Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

5.1CVSS5.9AI score0.00205EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Serendipity 跨站脚本漏洞

Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A cross-site scripting vulnerability exists in Serendipity version 2.4.0, which originates from the fact that an authenticated user can inject...

5.4CVSS5.7AI score0.00205EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/01 2:42 a.m.4 views

CVE-2025-62275

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...

6.9CVSS6.5AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0779

Malicious code in bioql PyPI...

9CVSS8.9AI score0.00517EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 1:4 p.m.8 views

CVE-2024-25610

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...

9CVSS5.8AI score0.00517EPSS
Exploits0References1
Veracode
Veracode
added 2024/03/19 10:52 a.m.18 views

Cross Site Scripting(XSS)

Liferay Portal vulnerable to Cross-Site Scripting XSS. The vulnerability is due to inadequate input sanitization of blog entries in Liferay Portal and Liferay DXP. Specifically, the default configuration does not properly filter JavaScript from blog entry content, allowing remote authenticated...

9CVSS6AI score0.00517EPSS
Exploits0References2Affected Software4
Github Security Blog
Github Security Blog
added 2024/02/20 3:31 p.m.17 views

Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...

9CVSS6.2AI score0.00517EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2024/02/20 3:31 p.m.9 views

GHSA-VVPF-53QX-CXHH Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...

9CVSS5.8AI score0.00517EPSS
Exploits0References3
NVD
NVD
added 2024/02/20 1:15 p.m.17 views

CVE-2024-25610

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...

9CVSS8AI score0.00517EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

9CVSS6.3AI score0.00517EPSS
Exploits0References2
OSV
OSV
added 2022/03/03 12:15 a.m.5 views

CVE-2021-38267

Cross-site scripting XSS vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the comliferayblogswebportletBlogsAdminPortlettitle and...

5.4CVSS6.2AI score0.00579EPSS
Exploits0References2
CNVD
CNVD
added 2017/03/28 12:0 a.m.4 views

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04651)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site request forgery vulnerability exists in admin/blog/add/URI in Subrion CMS version 4.0.5.10. A...

8.8CVSS6.4AI score0.00449EPSS
Exploits0References1
CISA
CISA
added 2014/06/10 12:0 a.m.14 views

Google Releases Security Updates for Chrome and Chrome OS

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system or cause a denial of service. Updates available include: Chrome 35.0.1916.153 for Windows, Mac...

7AI score
Exploits0References2
CISA
CISA
added 2014/03/18 12:0 a.m.17 views

Google Releases Security Updates for Chrome

Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 33.0.1750.154 for Windows. Chrome 33.0.1750.152 for Mac and Linux. Chrome 33.0.1750.152 fo...

7.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 5:20 a.m.3 views

Pebble vulnerability where entries may become unviewable

Overview Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted. Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability wher...

6.4CVSS6.7AI score0.01511EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 12:0 a.m.51 views

JVN#75492883: Pebble vulnerability where entries may become unviewable

Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable. Impact A specially crafted comment being posted may cause an arbitrary blog entry to become...

6.4CVSS6.3AI score0.01511EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/27 12:0 a.m.17 views

ClearSpace Detection

The remote web server is running Jive ClearSpace, a social networking site letting users manage wikis, publish blog entries and discuss between each other. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid38183; scriptversion"1.8"; scriptnameenglish:"ClearSpace...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/09/08 12:0 a.m.26 views

Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure

The version of Simple PHP Blog installed on the remote host allows an unauthenticated, remote attacker to retrieve information about non-admin users defined to the application, including their user names and password hashes, which could in turn be used to gain access to the application. While the...

6.1AI score
Exploits0
Rows per page
Query Builder