21 matches found
CVE-2026-7394
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to SQL injection. The attack may ...
PT-2026-35963
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to SQL injection. The attack may...
GHSA-M4G9-5MG6-GFR3 Liferay Portal Commerce is vulnerable to XSS through account "name" field
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
Liferay Portal Commerce is vulnerable to XSS through account "name" field
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2025-62237
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...
GHSA-4MQX-4P8G-995W Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
Multiple stored Cross-site Scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
Multiple stored Cross-site Scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-43822
CVE-2025-43822 is a stored XSS vulnerability affecting Liferay Portal and Liferay DXP. The issue arises when an attacker injects arbitrary web script or HTML into the Terms and Conditions Name field on the view order page, affecting Liferay Portal 7.4.3.15–7.4.3.111 and Liferay DXP releases 2023....
PT-2025-41193
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.15 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay versions 7.4 update 15 through update 92. Description: The software contains multiple...
Online Eyewear Shop cross-site scripting vulnerability
Online Eyewear Shop is an online eyewear store by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Online Eyewear Shop version 1.0, which stems from a problem with the file admin/?page=orders/vieworder, where manipulation of the parameter id ca...
Online Food Ordering System cross-site scripting vulnerability
Online Food Ordering System is an online food ordering system. An SQL injection vulnerability exists in Online Food Ordering System, which stems from a lack of validation of externally entered SQL statements in the id parameter of the vieworder.php page. An attacker could use this vulnerability t...
CVE-2023-24197
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at vieworder.php...
Sanitization Management System SQL injection vulnerability
Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. Sanitization Management System v1.0 is vulnerable to a SQL injection vulnerability that was discovered via the id parameter of /admin/?page=orders/vieworder to contain a SQL injection...
Online Pet Shop We App SQL injection vulnerability
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of Online Pet Shop We App, which stems from an SQL injection issue in the id parameter of the /admin/?page=orders/vieworder location...
Online Pet Shop We App SQL injection vulnerability
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of Online Pet Shop We App, which stems from an SQL injection issue in the id parameter of the /admin/?page=orders/vieworder location...
SQL injection
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/orders/vieworder.php?view=user&id=...