16 matches found
CVE-2023-53906
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
CVE-2023-53906
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
CVE-2023-53906
CVE-2023-53906 (projectSend r1605) is a stored cross-site scripting vulnerability where authenticated administrators can inject JavaScript via the custom assets configuration page. A payload placed in the custom assets section executes when other users load the affected page, enabling persistent ...
CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
PT-2025-51944
Name of the Vulnerable Software and Affected Versions projectSend version r1605 Description The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious JavaScript through the custom assets configuration page. An attacker can create a JavaScript...
CVE-2025-65952 Console is vulnerable to path traversal regarding custom assets
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
CVE-2025-65952 Console is vulnerable to path traversal regarding custom assets
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
CVE-2025-65952 Console is vulnerable to path traversal regarding custom assets
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
CVE-2025-65952
CVE-2025-65952 concerns Gorilla Tag’s Console component. Prior to version 2.8.0, a path traversal flaw arises from complex combinations of backslashes and periods that can escape the Gorilla Tag path and write to unintended directories. Red Hat and other feeds corroborate the vulnerability descri...
Cross-site Scripting (XSS)
com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in "Rich Text" type fields within web content structures, document types, or custom assets using the Data Engine module,...
CVE-2025-43791
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via a "Rich Text" field when processing user-supplied input in web content structures, document types, or custom assets. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
CVE-2025-43791
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
projectSend r1605 - Stored XSS
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
Valve: Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation
A malformed .TGA when loaded as a Skybox on a map in a GoldSRC engine game Half-Life can lead to arbitrary code execution on a remote client. Reproduction Steps Load the attached map + resources on a local Half-Life listen server. The game will crash with an Access Violation as soon as the map wi...