Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.7 views

CVE-2019-20615

An issue was discovered on Samsung mobile devices with N7.x and O8.x software. Attackers can bypass Factory Reset Protection FRP via SVoice T&C.; The Samsung ID is SVE-2018-13547 March 2019...

4.6CVSS7.1AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.4 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS7.5AI score0.00289EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/15 6:30 p.m.6 views

EUVD-2025-203390

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7AI score0.00289EPSS
Exploits1References3
NVD
NVD
added 2025/12/15 6:15 p.m.5 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS0.00289EPSS
Exploits1References2
OSV
OSV
added 2025/12/15 12:0 a.m.2 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS7.4AI score0.00289EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7.1AI score0.00289EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51257

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An SSTI Server-Side Template Injection vulnerability exists in the get terms and conditions method. The function renders attacker-controlled Jinja2 templates terms using frappe.render templat...

8.1CVSS7AI score0.00289EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.22 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

0.00289EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/08 12:31 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name text field in the Terms and Conditions. An attacker can execute arbitrary web scripts or HTML in the context of another user by injecting crafted payloads. Details Cross-site scripting or XSS is a...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/08 12:31 a.m.7 views

Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page

Multiple stored Cross-site Scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

5.4CVSS6AI score0.00205EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/07 11:15 p.m.4 views

CVE-2025-43822

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...

5.4CVSS5.7AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/10/07 10:16 p.m.12 views

CVE-2025-43822

CVE-2025-43822 is a stored XSS vulnerability affecting Liferay Portal and Liferay DXP. The issue arises when an attacker injects arbitrary web script or HTML into the Terms and Conditions Name field on the view order page, affecting Liferay Portal 7.4.3.15–7.4.3.111 and Liferay DXP releases 2023....

5.4CVSS5.3AI score0.00205EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.4 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-8327

Malicious code in bioql PyPI...

5.3CVSS9AI score0.00471EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7538

Malicious code in bioql PyPI...

6.1CVSS5.5AI score0.00453EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.9 views

CVE-2022-4589

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading ...

6.1CVSS6.9AI score0.00453EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.3 views

WordPress plugin Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Legal Terms and Conditions Popup for User Login and...

5.9CVSS6AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/29 11:48 a.m.4 views

CVE-2025-30866

Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...

5.3CVSS7.2AI score0.00471EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 11:15 a.m.3 views

CVE-2025-30866

Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...

5.3CVSS0.00471EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.3 views

CVE-2025-30866

Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through = 1.2.15...

5.3CVSS7.2AI score0.00471EPSS
Exploits0References3
Rows per page
Query Builder