25 matches found
CVE-2025-43737
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via the _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...
GHSA-VJWR-CQWF-6Q96 Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via the _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...
CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...
DerbyNet Security Vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
PT-2024-23679 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below. Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below,...
CVE-2023-36289
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter...
Webkul QloApps Cross-Site Scripting Vulnerability
Webkul QloApps is a free and open source hotel reservation and online booking system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a cross-site scripting (XSS) vulnerability. An attacker can use this vulnerability to obtain a user's session cookie and then emula...
PT-2023-25102 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.76; Liferay DXP 7.4 update 70 through 76. Description: A cross-site request forgery (CSRF) issue in the Layout module's SEO configuration allows remote attackers to execute arbitrary code in the...
PT-2023-22606 · Webkil · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkil QloApps version 1.5.2. Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. Recommendations: For Webkil QloApps versi...
Webkil QloApps Cross-Site Scripting Vulnerability
Webkil QloApps is a free, open source hotel booking and online reservation system. A security vulnerability exists in Webkil QloApps version v.1.5.2. An attacker exploits the vulnerability to obtain sensitive information via the back and email_create parameters in the AuthController.php file...
Cross-site Scripting (XSS)
Overview: pay is a package for processing payments in Ruby on Rails apps. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the back parameter on a Stripe payment page. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” ...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Impact: A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...
PT-2023-22811 · Pay · Pay
Name of the Vulnerable Software and Affected Versions: Pay versions prior to 6.3.2. Description: A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay...
Exploit for Cross-site Scripting in Webkul Qloapps
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS) Webkul QloAp...
PrestaShop cross-site scripting vulnerability (CNVD-2020-25944)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in the 'back' parameter in PrestaShop...
PrestaShop Input Validation Error Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. An input validation error vulnerability exists in the 'back' parameter in PrestaShop...
CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with back parameter. The problem is fixed in 1.7.6.5...
PHPOK Cross-Site Scripting Vulnerability
PHPOK is an enterprise building system that supports expansion. A cross-site scripting vulnerability exists in the framework/www/login_control.php file in PHPOK version 4.8.278. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML e.g., changing cookies with t...
CVE-2018-16142
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function...