CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: mld: Fixed a panic that occurred in mldnewpack. mldnewpack does not allow for the allocation of higher-order pages; only order-0 allocations are allowed. If the headroom size is too large, a kernel panic may occur in skbput...

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

CVE-2026-3231

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...

EUVD-2025-197855

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field on the account view order page. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input to this field. Details Cross-site scripting or XSS is a code...

GHSA-M4G9-5MG6-GFR3 Liferay Portal Commerce is vulnerable to XSS through account "name" field

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

Liferay Portal Commerce is vulnerable to XSS through account "name" field

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

GHSA-4MQX-4P8G-995W Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page

Multiple stored Cross-site Scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page

Multiple stored Cross-site Scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

CVE-2025-43822

CVE-2025-43822 is a stored XSS vulnerability affecting Liferay Portal and Liferay DXP. The issue arises when an attacker injects arbitrary web script or HTML into the Terms and Conditions Name field on the view order page, affecting Liferay Portal 7.4.3.15–7.4.3.111 and Liferay DXP releases 2023....

PT-2025-41193

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.15 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay versions 7.4 update 15 through update 92 Description The software contains multiple...