25 matches found
CVE-2023-43345
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component...
Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the Web Content Structure Name field, which allows an attacker to inject arbitrary HTML or script code for execution...
GHSA-Q8FJ-76Q7-4P7H Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
Cross-site Scripting (XSS)
Overview com.liferay:com.liferay.asset.publisher.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or t...
CVE-2025-43771
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
CVE-2025-43771
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
CVE-2025-43771
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
EUVD-2025-33163
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
CVE-2025-43771
CVE-2025-43771 affects Liferay Portal/DXP: multiple XSS vulnerabilities in the Notifications widget (First/Middle/Last Name, Other Reason, or content name) across Liferay Portal 7.4.3.102–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5. Root cause is improper input handling in the Notif...
CVE-2025-43771
Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...
EUVD-2023-47762
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper sanitization in the Content name pattern mechanism, which is used to build Content names from one or more fields. Exploitation requires Content edit permissions, allowing an attacker to inject malicio...
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. Patches - See "Patched versions. -...
GHSA-8W3P-GF85-QCCH Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. Patches - See "Patched versions. -...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864
CVE-2024-53864 describes an XSS vulnerability in the Ibexa Admin UI Bundle, specifically in the Content name pattern mechanism used to build content names from multiple fields. Exploitation requires content edit permissions, and the issue allows injection of malicious scripts via the Content name...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
Ibexa Admin UI 跨站脚本漏洞
Ibexa Admin UI is an open source UI interface for Ibexa. It is dedicated to the Ibexa Admin UI Bundle. A cross-site scripting vulnerability exists in Ibexa Admin UI versions prior to v4.6.14, which stems from a cross-site scripting vulnerability in the content name schema...
CVE-2023-43345
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component...