75 matches found
Astra Linux - уязвимость в zabbix
The endpoint /zabbix.php?action=export.valuemaps is vulnerable to a Cross-Site Scripting attack due to the backurl parameter. This vulnerability arises from the reflection of user-provided data without proper HTML escaping or output encoding. As a result, a JavaScript payload may be injected into...
CVE-2026-4510
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
EUVD-2026-14242
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
CVE-2026-4510
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
CVE-2026-4510
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
PT-2026-26883
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
PbootCMS 代码注入漏洞
PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the backurl parameter in the alertlocation function within the...
EUVD-2025-25206
Malicious code in bioql PyPI...
EUVD-2022-31630
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of the comliferayjournalwebportletJournalPortletbackURL parameter, which allows injection of malicious JavaScript code...
Linux Distros Unpatched Vulnerability : CVE-2024-45699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...
CVE-2025-43737
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...
CVE-2025-43737
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...
PT-2025-33824 · Liferay · Liferay Portal 7.4.3.132 +4
Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.132 Liferay DXP versions 2025.Q2.0 through 2025.Q2.8 Liferay DXP versions 2025.Q1.0 through 2025.Q1.15 Description: A reflected cross-site scripting XSS vulnerability exists that allows a remote authenticated user...
ROS-20250616-24
The vulnerability of the Zabbix universal monitoring system web-integrity is related to the failure to take measures to protect the web page structure. the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely, conduct a cross-site scripting attack b...
CVE-2022-27090
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter...
CVE-2020-20982
Cross Site Scripting XSS vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php...
SUSE CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...