45 matches found
CVE-2019-20615
An issue was discovered on Samsung mobile devices with N7.x and O8.x software. Attackers can bypass Factory Reset Protection FRP via SVoice T&C.; The Samsung ID is SVE-2018-13547 March 2019...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
EUVD-2025-203390
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
PT-2025-51257
Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An SSTI Server-Side Template Injection vulnerability exists in the get terms and conditions method. The function renders attacker-controlled Jinja2 templates terms using frappe.render templat...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name text field in the Terms and Conditions. An attacker can execute arbitrary web scripts or HTML in the context of another user by injecting crafted payloads. Details Cross-site scripting or XSS is a...
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
Multiple stored Cross-site Scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
CVE-2025-43822 is a stored XSS vulnerability affecting Liferay Portal and Liferay DXP. The issue arises when an attacker injects arbitrary web script or HTML into the Terms and Conditions Name field on the view order page, affecting Liferay Portal 7.4.3.15–7.4.3.111 and Liferay DXP releases 2023....
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
EUVD-2025-8327
Malicious code in bioql PyPI...
EUVD-2022-7538
Malicious code in bioql PyPI...
CVE-2022-4589
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading ...
WordPress plugin Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL 跨站脚本漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Legal Terms and Conditions Popup for User Login and...
CVE-2025-30866
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...
CVE-2025-30866
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...
CVE-2025-30866
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...