Lucene search
+L

75 matches found

osv
osv
added 2022/05/24 5:38 p.m.7 views

GHSA-PVPG-9553-F979 Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

6.1CVSS5.7AI score0.00941EPSS
Exploits0References5
github
github
added 2022/05/24 5:38 p.m.13 views

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

6.1CVSS5.8AI score0.00941EPSS
Exploits0References5Affected Software1
osv
osv
added 2022/04/28 8:15 p.m.4 views

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

7.5CVSS5.8AI score0.01571EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/04/28 8:15 p.m.3 views

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

7.5CVSS6AI score0.01571EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/04/28 12:0 a.m.4 views

Victor CMS SQL注入漏洞

Victor CMS is an open source content management system by Victor Alagwu, a personal developer in Nigeria. v1.0 of Victor CMS is vulnerable to SQL injection, which originates from the username parameter in /includes/login.php, and can be exploited by attackers to inject queries in /CMSsite/ throug...

7.5CVSS5.8AI score0.01571EPSS
Exploits1References5
osv
osv
added 2022/01/31 7:15 p.m.3 views

CVE-2021-46459

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...

7.5CVSS7.1AI score0.0137EPSS
Exploits1References2
osv
osv
added 2021/01/07 5:15 p.m.17 views

CVE-2020-25476

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

6.1CVSS6.1AI score
Exploits0References3
cvelist
cvelist
added 2021/01/07 4:4 p.m.33 views

CVE-2020-25476

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

6.5AI score0.00941EPSS
Exploits0References3
osv
osv
added 2018/09/04 12:29 a.m.2 views

CVE-2018-16432

BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...

9.8CVSS5.8AI score0.01135EPSS
Exploits1References1
cnvd
cnvd
added 2018/05/09 12:0 a.m.7 views

TP-Link EAP Controller and Omada Controller Cross-Site Scripting Vulnerability (CNVD-2018-09302)

TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A cross-site scripting vulnerability exists in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows. A remote attacker can...

5.4CVSS5.9AI score0.00607EPSS
Exploits3References1
cnvd
cnvd
added 2016/09/01 12:0 a.m.4 views

SQL injection vulnerability in the user_name parameter of Request.aspx page of Nanjing Fargo Streaming Media System.

Nanjing Fargo streaming media system is mainly used for applications such as network TV, live event broadcasting, remote education, enterprise roadshow and multimedia public information service, etc. The system integrates computer, network, audio/video and mobile communication and other related...

7.7AI score
Exploits0References1
osv
osv
added 2016/04/22 10:59 a.m.4 views

CVE-2016-1596

Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...

5.4CVSS5.8AI score0.02427EPSS
Exploits3References5
atlassian
atlassian
added 2016/03/21 10:33 p.m.20 views

Stored XSS in ViewWorkflowTransition.jsp

Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...

2.7AI score
Exploits0Affected Software1
cvelist
cvelist
added 2009/04/02 3:0 p.m.25 views

CVE-2009-1228

Cross-site scripting XSS vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field username parameter...

5.7AI score0.01525EPSS
Exploits0References4
cvelist
cvelist
added 2009/02/09 5:0 p.m.31 views

CVE-2008-6096

Cross-site scripting XSS vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the 1 web interface login page or the 2 telnet login page...

5.7AI score0.01033EPSS
Exploits0References4
Rows per page
Query Builder