Lucene search

4545 matches found

Vulnrichment
added 2022/12/07 12:00 a.m., 8 views

CVE-2022-45122

Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.5301 and earlier Movable Type Advanced 7 Series, Movable Type 6.8.7 and earlier Movable Type 6 Series, Movable Type Advanced 6.8.7 and earlier Movable Type Advance...

6.7 AI score, 0.00847 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/12/02 12:00 a.m., 7 views

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

5.8 AI score, 0.00929 EPSS
Exploits 1, References 2

OSV
added 2022/11/15 12:00 p.m., 1 view

GHSA-2QWM-9MG5-JWQ8 Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module

A cross-site scripting (XSS) vulnerability in the Announcements module before 6.0.11 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.1 CVSS, 6.2 AI score, 0.00475 EPSS
Exploits 0, References 5

Github Security Blog
added 2022/11/15 12:00 p.m., 2 views

Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module

A cross-site scripting (XSS) vulnerability in the Sharing module's user notification before 3.0.9 from Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafte...

5.4 CVSS, 5.3 AI score, 0.00175 EPSS
Exploits 0, References 8, Affected Software 2

Prion
added 2022/11/03 2:15 p.m., 20 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...

5 CVSS, 5.3 AI score, 0.00185 EPSS
Exploits 1, References 2, Affected Software 1

Github Security Blog
added 2022/10/19 12:00 p.m., 4 views

Liferay Portal Vulnerable to XSS in the Object Module

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Object Web before 1.0.99 from Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text...

5.4 CVSS, 5.9 AI score, 0.002 EPSS
Exploits 0, References 7, Affected Software 1

OSV
added 2022/10/19 12:00 p.m., 3 views

GHSA-R32W-V775-5952 Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module

A cross-site scripting (XSS) vulnerability in Document Library module before 6.0.98 from Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

6.1 CVSS, 6 AI score, 0.00197 EPSS
Exploits 0, References 8

OSV
added 2022/10/19 12:00 p.m., 1 view

GHSA-G6R2-6X46-JPP6 Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module

A cross-site scripting (XSS) vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1 CVSS, 6 AI score, 0.00118 EPSS
Exploits 0, References 7

CNNVD
added 2022/10/13 12:00 a.m., 1 view

Liferay DXP Cross-Site Scripting Vulnerability

Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...

5.4 CVSS, 5.9 AI score, 0.0023 EPSS
Exploits 1, References 4

OSV
added 2022/09/27 11:15 p.m., 0 views

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

9.8 CVSS, 5.9 AI score, 0.0203 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/09/27 1:55 a.m., 5 views

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

5.2 AI score, 0.00217 EPSS
Exploits 0, References 2

ATTACKERKB
added 2022/09/13 11:15 p.m., 2 views

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

9.8 CVSS, 5.9 AI score, 0.01155 EPSS
Exploits 0, References 3

OSV
added 2022/09/12 2:15 a.m., 1 view

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

6.1 CVSS, 5.9 AI score
Exploits 0, References 3

OSV
added 2022/09/07 10:15 p.m., 2 views

CVE-2020-19914

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...

6.1 CVSS, 6 AI score
Exploits 0, References 1

ATTACKERKB
added 2022/08/23 7:15 a.m., 2 views

CVE-2022-27637

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1 CVSS, 6 AI score, 0.00214 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/08/23 7:15 a.m., 1 view

CVE-2022-27637

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/08/23 6:31 a.m., 3 views

CVE-2022-36350

Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors...

5.2 AI score, 0.00217 EPSS
Exploits 0, References 2

OSV
added 2022/08/18 8:15 a.m., 1 view

CVE-2022-28715

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1 CVSS, 6.2 AI score, 0.00189 EPSS
Exploits 0, References 2

OSV
added 2022/08/18 8:15 a.m., 1 view

CVE-2022-30604

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1 CVSS, 6.2 AI score
Exploits 0, References 2

OSV
added 2022/08/18 8:15 a.m., 3 views

CVE-2022-33151

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1 CVSS, 6.3 AI score, 0.00189 EPSS
Exploits 0, References 2