The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
PT-2023-25225 · Unknown · Gz Scripts Php Vacation Rental Script
Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP Vacation Rental Script version 1.8 Description: A problematic issue has been found, affecting an unknown part of the file /preview.php. The manipulation of the page, layout, sort by, and property id arguments leads to cross-sit...
CVE-2023-1298
ServiceNow has released upgrades and patches that address a Reflected Cross-Site Scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
Cross site scripting
ServiceNow has released upgrades and patches that address a Reflected Cross-Site Scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts...
CVE-2023-1298
CVE-2023-1298 affects ServiceNow Polaris Layout. A reflected XSS vulnerability could let an authenticated user inject arbitrary scripts. The CVSS v3.1 base score is 6.1 (Medium); vectors: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Exploitation requires user interaction and has network access, with a ch...
PT-2023-16870 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow affected versions not specified Description: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the ServiceNow Polaris Layout. This issue would enable an authenticated user to inject arbitrary scripts...
OESA-2023-1387 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established,...
CVE-2023-37307
In MISP before 2.4.172, titleforlayout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts...
PT-2023-25898 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.172 Description: The issue arises from the improper sanitization of the title for layout in Correlations, CorrelationExclusions, and Layouts. This could potentially lead to security issues, although specific details...
Cross-site Scripting (XSS)
com.liferay.layout.seo.web is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of validation of the URLs in the layout module's SEO configuration, which allows an attacker to inject and execute malicious JavaScript or HTML via the...
Open Redirect
com.liferay.layout.seo.web is vulnerable to Open Redirect. The vulnerability exists due to the lack of validation in the backURL parameter in the layout module's SEO configuration, which allows an attacker to redirect users to malicious external URLs via the...
Liferay DXP 7.4.13.70 < 7.4.13.74 XSS
The detected install of Liferay DXP is between 7.4.13.70 and 7.4.13.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.13.70 through 7.4.13.73, which allows remote attackers to inject arbitrary web script or HTML...
impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First, it allows arbitrary bytes to be reinterpreted as a bool, which can cause undefined behavior from a safe function. Second, it allows transmuting a pointer without taking memory layout into consideration. The details of...
Liferay Portal CE 7.4.3.70 < 7.4.3.74 XSS
The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, which allows remote attackers to inject arbitrary web script or HT...
WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS
The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...