Linux Distros Unpatched Vulnerability : CVE-2019-18210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user...

GHSA-CPG4-QCJ8-42GP Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

CVE-2025-43778

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

CVE-2025-43778

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

PT-2025-36739

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

CVE-2025-57540

CVE-2025-57540 describes a stored cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment (PVE) 8.4, specifically in the WebAuthn Relying Party field of the Datacenter configuration. The issue allows authenticated users to inject JavaScript that runs in the browsers of others who ...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-36542

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

PT-2025-36537

Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.17 Description: A reflected cross-site scripting XSS vulnerability exists in Liferay Portal and DXP. A remote authenticated user can inject JavaScript code via th...

CVE-2025-58746

The CVE-2025-58746 issue affects the Volkov Labs Business Links panel for Grafana, where prior to version 2.4.0 an Editor can escalate to Administrator due to arbitrary JavaScript code injection in the Layout → Link → URL field. The vulnerability enables arbitrary administrative actions on affect...

CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...

CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...

CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...

PT-2025-36477

Name of the Vulnerable Software and Affected Versions: Smart Search & Filter Shopify App version 1.0 Description: A cross-site scripting XSS vulnerability exists in Smart Search & Filter Shopify App. A remote attacker can execute arbitrary JavaScript in a user's web browser by including a malicio...

PT-2025-36525

Name of the Vulnerable Software and Affected Versions: Volkov Labs Business Links panel for Grafana versions prior to 2.4.0 Description: The Volkov Labs Business Links panel for Grafana allows navigation using external links, internal dashboards, time pickers, and dropdown menus. Prior to version...

CVE-2025-2694

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...

CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...

CVE-2025-2694

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...

CVE-2024-43184 IBM Jazz Foundation cross-site scripting

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...