Lucene search
+L

81 matches found

euvd
euvd
added 2026/07/08 1:48 p.m.6 views

EUVD-2026-42252

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS6AI score0.00138EPSS
Exploits0References2
cve
cve
added 2026/07/08 1:48 p.m.11 views

CVE-2026-56283

Capgo before 12.128.2 contains an HTML injection vulnerability in the organization settings endpoint. Attackers can inject malicious HTML into the organization name field, enabling an open redirection to untrusted websites, which could facilitate phishing and reputational damage. The CVE entry no...

5.4CVSS6AI score0.00138EPSS
Exploits0References2
cve
cve
added 2026/06/24 8:33 p.m.25 views

CVE-2026-52813

CVE-2026-52813 (Gogs) involves a path traversal flaw in organization names that contain ../ sequences, causing writes to arbitrary filesystem paths. The root cause is insufficient sanitization in internal/database/org.go (and related repo path logic), enabling an attacker to nest Git repositories...

10CVSS6.1AI score0.01107EPSS
In wildExploits0References4
osv
osv
added 2026/06/23 5:10 p.m.4 views

GHSA-C39W-43GM-34H5 Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51631

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains a path traversal flaw where organization names containing relative path sequences e.g., ../ are accepted without proper sanitization. This occurs because the internal/database/org.go file...

10CVSS7.5AI score0.01107EPSS
Exploits0References19
euvd
euvd
added 2026/03/19 6:31 p.m.9 views

EUVD-2026-13130

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/19 3:49 p.m.30 views

CVE-2026-32869 OPEXUS eComplaint and eCASE XSS via Name of Organization field

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS0.00141EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/19 12:0 a.m.11 views

OPEXUS eComplaint和OPEXUS eCASE 安全漏洞

OPEXUS eComplaint and OPEXUS eCASE are products of the American company OPEXUS. OPEXUS eComplaint is a complaint and appeal management platform. OPEXUS eCASE is an case management system. There were security vulnerabilities in versions of OPEXUS eComplaint and OPEXUS eCASE before 10.2.0.0. These...

5.5CVSS5.7AI score0.00141EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.7 views

PT-2026-26311

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References6
veracode
veracode
added 2025/12/13 4:36 a.m.7 views

Cross-Site Scripting (XSS)

com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/11/13 8:30 p.m.5 views

CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...

3.5CVSS6.5AI score0.00175EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/10/28 7:53 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References1
snyk
snyk
added 2025/10/27 9:30 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Title field in the Account Role or an Organization's Name field. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise...

5.4CVSS5.3AI score0.00202EPSS
Exploits0References2
osv
osv
added 2025/10/27 9:30 p.m.6 views

GHSA-8MGF-RGG5-W38Q Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS6AI score0.00202EPSS
Exploits0References6
github
github
added 2025/10/27 9:30 p.m.10 views

Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS6AI score0.00202EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2025/10/27 8:15 p.m.7 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS0.00202EPSS
Exploits0References1
osv
osv
added 2025/10/27 8:15 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS5.6AI score0.00202EPSS
Exploits0References1
euvd
euvd
added 2025/10/27 7:38 p.m.4 views

EUVD-2025-36346

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS5.3AI score0.00202EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/27 7:38 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS5.5AI score0.00202EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/27 7:38 p.m.8 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS0.00202EPSS
Exploits0References1
Rows per page
Query Builder