CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

EUVD-2025-33163

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

EUVD-2009-5051

Malware in sbrugna...

Malicious code in gd-flag-content (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-47586 Malicious code in gd-flag-content (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

CVE-2009-5096

Cross-site scripting XSS vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter...

CVE-2009-5096

Cross-site scripting XSS vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter...

CVE-2009-5096

Cross-site scripting XSS vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter...

CVE-2009-5096

Technical details about CVE-2009-5096 are not publicly available in the provided connected documents. The Drupal Flag Content module XSS description exists, but data such as affected versions, root cause, or remediation are not corroborated here. Monitor for updates.

SA-CONTRIB-2009-076 - Flag Content Cross Site Scripting

The Flag Content module enables users to flag nodes and users for the attention of a site maintainer e.g. for abuse, spam, trolling, ...etc.. In some specific cases, the module does not sanitize before outputting the Reason field, resulting in a cross-site scripting XSS vulnerability. Such an...