CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

RedhatCVE•added 2026/01/09 10:41 a.m.•7 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.1CVSS5.9AI score0.0023EPSS

Exploits0References1

NVD•added 2024/02/20 9:15 a.m.•17 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS5.3AI score0.00186EPSS

Exploits0References1

OSV•added 2024/02/20 9:15 a.m.•0 views

CVE-2024-25605

5.3CVSS5.8AI score0.00186EPSS

Exploits0References1

Prion•added 2024/02/20 9:15 a.m.•19 views

Code injection

5CVSS7.2AI score0.00186EPSS

Exploits0References1

Vulnrichment•added 2024/02/20 8:51 a.m.•11 views

CVE-2024-25605

5.3CVSS7.2AI score0.00186EPSS

Exploits0References1

Cvelist•added 2024/02/20 8:51 a.m.•28 views

CVE-2024-25605

5.3CVSS5.5AI score0.00186EPSS

Exploits0References1

Github Security Blog•added 2022/05/24 7:10 p.m.•5 views

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

5.4CVSS5.8AI score0.00167EPSS

Exploits0References4Affected Software2

OSV•added 2022/05/24 7:10 p.m.•1 views

GHSA-FVG6-9R88-7W85 Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

5.4CVSS5.6AI score0.00167EPSS

Exploits0References4

OSV•added 2022/04/25 4:16 p.m.•20 views

CVE-2022-26596

6.1CVSS5.9AI score

Exploits0References1

ATTACKERKB•added 2022/04/25 4:16 p.m.•0 views

CVE-2022-26596

6.1CVSS6AI score0.0023EPSS

Exploits0References2

Cvelist•added 2022/04/25 3:41 p.m.•17 views

CVE-2022-26596

6.2AI score0.0023EPSS

Exploits0References1

Positive Technologies•added 2022/04/25 12:0 a.m.•2 views

PT-2022-17949 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.3.3 Liferay DXP 7.0 before fix pack 94 Liferay DXP 7.1 before fix pack 19 Liferay DXP 7.2 before fix pack 8 Description: A cross-site scripting XSS issue exists in the Journal module's web content displ...

6.1CVSS6AI score0.0023EPSS

Exploits0References11

OSV•added 2021/08/04 1:15 p.m.•17 views

CVE-2021-33336

5.4CVSS5.9AI score0.00167EPSS

Exploits0References2

NVD•added 2008/05/09 6:20 p.m.•7 views

CVE-2008-2134

The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie...

6.8CVSS6.8AI score0.00631EPSS

Exploits0References5

Prion•added 2008/05/09 6:20 p.m.•9 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than...

4.3CVSS6AI score0.00334EPSS

Exploits1References5Affected Software1

Cvelist•added 2008/05/09 6:0 p.m.•16 views

CVE-2008-2133

5.6AI score0.00329EPSS

Exploits0References5

CVE•added 2008/05/09 6:0 p.m.•35 views

CVE-2008-2133

CVE-2008-2133 is an XSS vulnerability in the Journal module of Tru-Zone Nuke ET 3.x. The flaw allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, demonstrated by a CSS property in the STYLE attribute of a DIV element. Affected component: Journal ...

4.3CVSS5.6AI score0.00329EPSS

Exploits0References5Affected Software1

CVE•added 2008/05/09 6:0 p.m.•33 views

CVE-2008-2134

CVE-2008-2134 affects the Journal module in Tru-Zone Nuke ET 3.x. An attacker can remotely obtain access to arbitrary user accounts and modify or delete data by supplying a modified username in an unspecified cookie. The vulnerability is documented in multiple sources (NVD entry CVE-2008-2134). T...

6.8CVSS6.8AI score0.00631EPSS

Exploits0References5Affected Software1

Cvelist•added 2008/05/09 6:0 p.m.•12 views

CVE-2008-2134

The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie...

6.8AI score0.00631EPSS

Exploits0References5

securityvulns•added 2006/11/01 12:0 a.m.•40 views

PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability

/ -------------------------------------------------------- Neo Security Team NST - Advisory 29 - 2006-10-31 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.php.net Vulnerable Versions: PHP-Nuke = 7.9 Risk: Medium Impact: Medium Risk -==PHP-Nuke = 7....

8.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by