34 matches found
EUVD-2022-33410
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-099
This module enables you to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...
Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
This module enables you to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...
MAL-2025-20146 Malicious code in facet-cli (npm)
The package facet-cli was found to contain malicious code...
Malicious code in facet-cli (npm)
The package facet-cli was found to contain malicious code...
CVE-2022-28979
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...
Malicious code in facet-mmleditor (npm)
MAL-2024-11358 Malicious code in facet-mmleditor (npm)
Malicious code in @facetca/facet-ruler (npm)
Malicious code in @facetca/facet-mmleditor (npm)
Source: ossf-package-analysis (3afa70fa6de6ec83d479072d976210414be16f6e5f35019f8aadd2e0c6c4ec91) The OpenSSF Package Analysis project identified '@facetca/facet-mmleditor' @ 3.0.3 (npm) as malicious. It is considered malicious because: - The...
CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...
Cross-site Scripting (XSS)
com.liferay.portal.search.web is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the modified facet widget, which allows an attacker to inject and execute malicious web script or HTML via a crafted payload through the facet label...
CVE-2023-33939
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2023-33939
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted...
PT-2023-24580
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.12; Liferay DXP versions 7.1.0 through 7.1 before fix pack 27; Liferay DXP versions 7.2.0 through 7.2 before fix pack 18; Liferay DXP versions 7.3.0 through 7.3 before update 4; Liferay DXP versions 7.4....
Liferay Portal and Liferay DXP cross-site scripting vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
uint16 type for the facet position and selector position
Lines of code. Vulnerability details. Description: In the Diamond library, a uint16 type is used for the facet position and selector position in the FacetToSelectors and SelectorToFacet structs. That creates a restriction that the number of facets is limited by 2^16. In case when the number of...
May introduce an invalid Facet into the system
Lines of code. Vulnerability details. Impact: Detailed description of the impact of this finding. The saveFacetIfNew has not checked if the newly introduced facet is valid or not a valid contract; therefore, an invalid address might be added as a facet. According to Solidity documentation, "If the...
GHSA-7R3W-WGGM-PJWF Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module
In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module
In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...