
23 matches found

CNNVD
added 2026/02/08 12:0 a.m., 3 views

nginxWebUI code injection vulnerability

nginxWebUI is an nginx web configuration tool developed by individual developer cym1102. nginxWebUI versions 4.3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter nginxDir in the file adminPage/conf/conf, which coul...

CVSS 5.4, AI score 5.7, EPSS 0.00018
Exploits 1, References 7

Positive Technologies
added 2025/12/01 12:0 a.m., 3 views

PT-2025-48568

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.11.0-beta.1. Description: The Grav admin plugin, an HTML user interface for configuring Grav and managing pages, contains a Reflected Cross-Site Scripting (XSS) issue. An attacker can inject malicious scripts through the...

CVSS 6.2, AI score 5.7, EPSS 0.00032
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-0711

Malware in sbrugna...

CVSS 2.6, AI score 6.4, EPSS 0.00387
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31654

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.4, EPSS 0.00033
Exploits 0, References 4

RedhatCVE
added 2025/09/30 9:31 p.m., 4 views

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 5.1, AI score 5.7, EPSS 0.00033
Exploits 0, References 1

OSV
added 2025/09/30 12:30 a.m., 3 views

GHSA-WMJX-XV9V-R89Q Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 5.1, AI score 5.8, EPSS 0.00033
Exploits 0, References 5

Snyk
added 2025/09/30 12:30 a.m., 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter on the page configuration page. An attacker can execute arbitrary web script or HTML in the context of a user's browser by tricking ...

CVSS 6.1, AI score 5.3, EPSS 0.00033
Exploits 0, References 2

GitHub Security Blog
added 2025/09/30 12:30 a.m., 7 views

Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1, AI score 5.8, EPSS 0.00033
Exploits 0, References 5, Affected Software 1

NVD
added 2025/09/29 10:15 p.m., 4 views

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1, EPSS 0.00033
Exploits 0, References 1

CVE
added 2025/09/29 9:19 p.m., 12 views

CVE-2025-43815

CVE-2025-43815 is a reflected XSS in Liferay Portal 7.4.3.102–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.2 (and 2023.Q3.5) exploitable via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter on the page configuration page. The issue allows an attacker to inject arbi...

CVSS 6.1, AI score 5.3, EPSS 0.00033
Exploits 0, References 1, Affected Software 2

Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39900

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.102 through 7.4.3.110; Liferay DXP versions 2023.Q4.0 through 2023.Q4.2; Liferay DXP version 2023.Q3.5. Description: A reflected cross-site scripting (XSS) issue exists on the page configuration page. This allows remote...

CVSS 6.1, AI score 5.5, EPSS 0.00033
Exploits 0, References 11

BDU FSTEC
added 2025/07/07 12:0 a.m., 2 views

The vulnerability of the Page and Field Configuration components of the Business Process Management tool in PeopleSoft Enterprise CC Common Application Objects of the Oracle PeopleSoft Products allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Page and Field Configuration components in the PeopleSoft Enterprise CC Common Application Objects business process management tool from the Oracle PeopleSoft Products family is related to deficiencies in access control. Exploiting this vulnerability could allow an attack...

CVSS 8.5, AI score 7.2, EPSS 0.00807
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/05/22 4:56 p.m., 7 views

CVE-2020-18468

Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

CVSS 5.4, AI score 5.7, EPSS 0.00352
Exploits 1

RedhatCVE
added 2025/02/05 2:23 a.m., 4 views

CVE-2024-24771

Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication...

CVSS 7.7, AI score 7.7, EPSS 0.00101
Exploits 0, References 1

Prion
added 2024/01/26 10:15 p.m., 13 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input test leads to cross site scripting. The attack may be...

CVSS 3.3, AI score 6.3, EPSS 0.00131
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2024/01/26 9:31 p.m., 24 views

CVE-2024-0948 NetBox Home Page Configuration config-revisions cross site scripting

DISPUTED: A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input test leads to cross site scripting. The atta...

CVSS 3.3, AI score 6, EPSS 0.00131
Exploits 1, References 4

Cvelist
added 2024/01/26 9:31 p.m., 26 views

CVE-2024-0948 NetBox Home Page Configuration config-revisions cross site scripting

DISPUTED: A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input test leads to cross site scripting. The atta...

CVSS 3.3, AI score 6.1, EPSS 0.00131
Exploits 1, References 4

CVE
added 2024/01/26 9:31 p.m., 84 views

CVE-2024-0948

NetBox is affected up to version 3.7.0 by a vulnerability in the /core/config-revisions handler that can lead to cross-site scripting when processing input such as test. Descriptions consistently indicate the issue is an XSS flaw resulting from unknown processing in the Home Page Configuration com...

CVSS 6.1, AI score 5.9, EPSS 0.00131
Exploits 1, References 4, Affected Software 1

CNNVD
added 2024/01/26 12:0 a.m., 2 views

NetBox Cross-Site Scripting Vulnerability

NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox 3.7.0 and earlier versions, which stems from /core/config-revisions in the component Home Page...

CVSS 6.1, AI score 5.9, EPSS 0.00131
Exploits 1, References 5

OSV
added 2022/01/18 11:15 p.m., 0 views

UBUNTU-CVE-2022-21694

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of OnionShare allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...

CVSS 5.3, AI score 6, EPSS 0.00413
Exploits 0, References 5