5077 matches found
CVE-2025-55203 Plane Stored XSS in Add Work Item Functionality
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting XSS vulnerability exists in the descriptionhtml field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The...
CVE-2025-43734
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hmgh-466j-fx4c. This link is maintained to preserve external references. Original Description User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers...
CVE-2025-8910 WellChoose|Organization Portal System - Reflected Cross-site Scripting
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-50690
A Cross-Site Scripting XSS vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2025-36000
CVE-2025-36000 affects IBM WebSphere Application Server Liberty. The Connected IBM bulletin confirms Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting, allowing a privileged user to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a...
CVE-2025-43734
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
CVE-2025-43734
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
GHSA-222W-XMC5-JHP3 Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43735
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43735
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43735
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43735
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43735
CVE-2025-43735 is a reflected XSS vulnerability in Liferay Portal 7.4.x (7.4.0–7.4.3.131) and Liferay DXP 2024.Q1–Q4 updates up to 2024.Q4.7 (and related 7.4 GA up to update 92). An unauthenticated remote attacker can inject JavaScript into the google_gadget. Affected components include com.lifer...
PT-2025-32669 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
Hydra 跨站脚本漏洞
Hydra is a Nix open source continuous integration service based on the Nix project. A cross-site scripting vulnerability exists in versions prior to Hydra dea1e16, which stems from a malicious package that can inject arbitrary JavaScript code, potentially leading to a cross-site scripting attack...
PT-2025-32681 · Hydra · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16 Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...
Liferay Portal Reflected XSS in blogs-web
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...