CVE-2020-37190

CVE-2020-37190 affects Top Password Firefox Password Recovery 2.8, which contains a denial of service vulnerability allowing a crash via input field overflow. An attacker can trigger this by inserting 5000 characters into the User Name or Registration Code fields. The CVSS metrics indicate a high...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in user name fields First Name, Middle Name, Last Name, which allows a remote attacker to inject arbitrary web scripts or HTML via...

CVE-2025-14221

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used...

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

Liferay Portal is vulnerable to XSS through its Calendar Events parameters

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

GHSA-Q8FJ-76Q7-4P7H Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.asset.publisher.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or t...

EUVD-2025-33163

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVE-2025-43771

CVE-2025-43771 affects Liferay Portal/DXP: multiple XSS vulnerabilities in the Notifications widget (First/Middle/Last Name, Other Reason, or content name) across Liferay Portal 7.4.3.102–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5. Root cause is improper input handling in the Notif...

PT-2025-41263

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.102 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description The Notifications widget contains multiple cross-site scripting XSS issues. Thes...

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

CVE-2025-43820

A validated XSS vulnerability in the Liferay Calendar widget allows remote attackers to inject arbitrary scripts via crafted input in the user’s First Name, Middle text, or Last Name fields. Affected are Liferay Portal 7.4.3.35–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.4, plus 7.3 Update 25–35 ...

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

CVE-2024-42769

A Reflected Cross Site Scripting XSS vulnerability was found in "/core/signupuser.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "userfname" and "userlname" parameters...

PT-2024-15815 · Unknown · Codeastro Online Railway Reservation System

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Railway Reservation System version 1.0 Description: A vulnerability has been found in the CodeAstro Online Railway Reservation System, classified as problematic. This issue affects unknown code of the file pass-profile.php. T...

Service Provider Management System Cross-Site Scripting Vulnerability

Service Provider Management System is a web-based application developed by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. A cross-site scripting vulnerability exists in Service Provider Management System v.1.0 that could allow a...

Integer Overflow or Wraparound

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in app/models/user.rb, which allows attackers to cause denial of service by supplying an excessively long name value fo...