28 matches found

RedhatCVE
added 2025/10/14 5:38 p.m. | 4 views

CVE-2025-62243

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.3 CVSS | 6.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/13 6:31 p.m. | 2 views

GHSA-894W-W643-QVXV Liferay Publications is vulnerable to Incorrect Authorization

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.3 CVSS | 6.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 6

NVD
added 2025/10/13 6:15 p.m. | 2 views

CVE-2025-62243

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.4 CVSS | 0.00043 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/13 5:14 p.m. | 5 views

CVE-2025-62243

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.3 CVSS | 0.00043 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/10/13 12:0 a.m. | 2 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4 CVSS | 6.4 AI score | 0.00043 EPSS
Exploits: 0 | References: 2

wpexploit
added 2024/03/13 12:0 a.m. | 423 views

WooCommerce < 8.4.0 - Reflected Cross-Site Scripting

Description: The plugin does not properly sanitize user input provided by the add_query_arg function when echoed back into JavaScript code context. http://vulnerable-site.tld/wp-admin/edit-comments.php?%27;alert1//...

7.5 AI score
Exploits: 0 | References: 1

CNNVD
added 2023/10/28 12:0 a.m. | 3 views

proxmox-widget-toolkit Cross-Site Scripting Vulnerability

proxmox-widget-toolkit is an open source toolkit for Proxmox. A cross-site scripting vulnerability exists in Proxmox proxmox-widget-toolkit versions prior to 4.0.9, which stems from allowing cross-site scripting attacks via the Edit Comments feature...

6.1 CVSS | 6.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 4

OSV
added 2021/11/08 6:15 p.m. | 3 views

CVE-2021-24806

The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or the user who made the comment to edit it via a CSRF attack. Attackers could also make...

4.3 CVSS | 5.9 AI score
Exploits: 0 | References: 1

Check Point Advisories
added 2021/09/26 12:0 a.m. | 2 views

WordPress Edit Comments Plugin SQL injection (CVE-2021-24551)

An SQL injection vulnerability exists in the WordPress Edit Comments plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5 CVSS | 10 AI score | 0.00546 EPSS
Exploits: 2

OSV
added 2021/09/10 2:15 p.m. | 0 views

CVE-2021-38336

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS | 6.4 AI score | 0.0021 EPSS
Exploits: 1 | References: 2

NVD
added 2021/09/10 2:15 p.m. | 7 views

CVE-2021-38336

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS | 0.0021 EPSS
Exploits: 1 | References: 2

Prion
added 2021/09/10 2:15 p.m. | 8 views

Cross site scripting

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

4.3 CVSS | 6 AI score | 0.0021 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/09/10 1:34 p.m. | 11 views

CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS | 6.2 AI score | 0.0021 EPSS
Exploits: 1 | References: 2

CVE
added 2021/09/10 1:34 p.m. | 37 views

CVE-2021-38336

CVE-2021-38336 affects the WordPress plugin Edit Comments XT (versions up to and including 1.0). The root cause is a reflected Cross-Site Scripting (XSS) vulnerability caused by a reflected $_SERVER["PHP_SELF"] value in the file ~/edit-comments-xt.php, enabling attackers to inject arbitrary web s...

6.1 CVSS | 6 AI score | 0.0021 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2021/09/10 1:34 p.m. | 3 views

CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS | 6.1 AI score | 0.0021 EPSS
Exploits: 1 | References: 2

CNNVD
added 2021/09/10 12:0 a.m. | 1 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1 CVSS | 6.2 AI score | 0.0021 EPSS
Exploits: 1 | References: 3

WPVulnDB
added 2021/09/09 12:0 a.m. | 16 views

Edit Comments XT <= 1.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts...

6.1 CVSS | 4 AI score | 0.0021 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2021/09/09 12:0 a.m. | 11 views

WordPress Edit Comments XT plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Edit Comments XT plugin versions <= 1.0. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1 CVSS | 2.5 AI score | 0.0021 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2021/08/23 12:15 p.m. | 0 views

CVE-2021-24551

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jaleditcomments GET parameter before using it in a SQL statement, leading to a SQL injection issue...

9.8 CVSS | 5.8 AI score | 0.00546 EPSS
Exploits: 2 | References: 2

CVE
added 2021/08/23 11:10 a.m. | 47 views

CVE-2021-24551

CVE-2021-24551 affects the WordPress Edit Comments plugin (version

9.8 CVSS | 9.8 AI score | 0.00546 EPSS
Exploits: 2 | References: 2 | Affected Software: 1