Lucene search

3009 matches found

Tenable Nessus
added 2025/03/21 12:00 a.m. · 13 views

Liferay DXP XSS (CVE-2025-2536)

The detected install of Liferay DXP is affected by a cross-site scripting (XSS) vulnerability in the Frontend JS module's layout-taglib/liferay/index.js that allows remote attackers to inject arbitrary web script or HTML via toastData parameter. Note that Nessus has not tested for this issue but has...

CVSS 6.1 · AI score 5.4 · EPSS 0.00185
Exploits: 0 · References: 2
Positive Technologies
added 2025/03/20 12:00 a.m. · 3 views

PT-2025-17247 · Tp Link · Tp-Link Wr841N

Name of the Vulnerable Software and Affected Versions: TP-Link WR841N versions v14/v14.6/v14.8 = Build 241230 Rel. 50788n TP-Link WR841N version = 4.19 Description: A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N allows remote attackers ...

CVSS 8.6 · AI score 5.6 · EPSS 0.02243
Exploits: 1 · References: 17
CVE
added 2025/03/19 7:00 p.m. · 62 views

CVE-2025-2536

CVE-2025-2536 is an XSS vulnerability affecting Liferay Portal 7.4.3.82–7.4.3.128 and Liferay DXP releases up to 2024.Q3.0 (plus 2024.Q2.x, 2024.Q1.x, 2023 Q3/Q4 series). The issue resides in the Frontend JS module layout-taglib/liferay/index.js, where the toastData parameter can be used to inje...

CVSS 6.1 · AI score 5.8 · EPSS 0.00185
Exploits: 0 · References: 1 · Affected Software: 2
RedhatCVE
added 2025/03/13 3:49 a.m. · 5 views

CVE-2025-27434

Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity...

CVSS 8.8 · AI score 6.1 · EPSS 0.00229
Exploits: 0 · References: 1
Packet Storm News
added 2025/03/06 12:00 a.m. · 3 views

How to Create a Scan to Identify Command Injection

This whitepaper covers how to create a scan in Perl to identify remote code injection in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid remote code injection problems...

AI score 8
Exploits: 0
RedhatCVE
added 2025/03/05 12:59 a.m. · 14 views

CVE-2024-55064

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope = 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...

CVSS 5.4 · AI score 6 · EPSS 0.00148
Exploits: 0 · References: 1
Tenable Nessus
added 2025/03/04 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-7954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this...

CVSS 9.8 · AI score 8.5 · EPSS 0.02779
Exploits: 1 · References: 3
Redos
added 2025/03/03 12:00 a.m. · 5 views

ROS-20250303-02

Vulnerability in the htmlawed module of the GLPI computer hardware request, incident and inventory system is related to incorrect input validation in /vendor/htmlawed/htmlawed/htmlawed/htmLawedTest.php. Exploitation of the vulnerability could allow an attacker acting remotely to inject...

CVSS 9.8 · AI score 7.1 · EPSS 0.94395
Exploits: 13
Cvelist
added 2025/03/03 12:00 a.m. · 12 views

CVE-2024-55064

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope = 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...

EPSS 0.00148
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/03 12:00 a.m. · 4 views

CVE-2024-55064

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope = 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...

AI score 5.8 · EPSS 0.00148
Exploits: 0 · References: 1
OSV
added 2025/02/19 4:15 p.m. · 6 views

CVE-2025-1465

A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...

CVSS 6.6 · AI score 4.6
Exploits: 0 · References: 4
RedhatCVE
added 2025/02/14 6:18 a.m. · 14 views

CVE-2024-34225

Cross Site Scripting vulnerability in php-lms/admin/?page=systeminfo in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name, shortname parameters...

CVSS 6.1 · AI score 6.4 · EPSS 0.00381
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/14 2:46 a.m. · 9 views

CVE-2024-31847

An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization...

CVSS 6.1 · AI score 5.3 · EPSS 0.00344
Exploits: 1 · References: 1
Cvelist
added 2025/02/06 12:00 a.m. · 10 views

CVE-2020-36085

Stored Cross Site Scripting (XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form...

EPSS 0.00235
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 4:53 p.m. · 8 views

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This...

CVSS 7.7 · AI score 6.7 · EPSS 0.0024
Exploits: 0
RedhatCVE
added 2025/02/05 1:09 p.m. · 6 views

CVE-2024-25602

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

CVSS 9 · AI score 5 · EPSS 0.00458
Exploits: 0 · References: 1
NVD
added 2025/01/21 10:15 p.m. · 39 views

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

CVSS 8.8 · EPSS 0.01154
Exploits: 0 · References: 2
OSV
added 2025/01/21 10:15 p.m. · 3 views

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

CVSS 8.8 · AI score 8.4
Exploits: 0 · References: 2
CVE
added 2025/01/21 9:24 p.m. · 60 views

CVE-2024-51941

CVE-2024-51941 is a remote code injection vulnerability in Apache Ambari’s Metrics and AMS Alerts. The issue occurs when processing alert definitions, where authenticated users can inject input into the alert script execution path to execute arbitrary commands on the server. The CVSSv3.1 vector (...

CVSS 8.8 · AI score 7.9 · EPSS 0.01154
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/01/21 9:24 p.m. · 9 views

CVE-2024-51941 Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

AI score 9 · EPSS 0.01154
Exploits: 0 · References: 1