5 matches found
Authorization Bypass Through User-Controlled Key
Overview: spreeapi is a Spree Api module. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the checkout endpoint. An attacker can access and retrieve address information belonging to other users by modifying the address identifier in the order...
Insecure Direct Object Reference (IDOR)
com.liferay, com.liferay.change.tracking.web is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control on the AccountEntriesAdminPortlet’s addressId parameter, which allows an attacker to access addresses belonging to other accounts by manipulatin...
CVE-2025-62242
Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users from one account to view addresses fr...
EUVD-2025-34078
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key...
DomainMOD cross-site scripting vulnerability (CNVD-2019-07972)
DomainMOD is an open source application for managing your domain names and other Internet assets in a centralized location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by remote attackers to inject arbitrary web script or HTML via...