Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Forms module. An attacker can execute arbitrary web scripts or inject HTML by submitting a crafted payload into a form with a rich text type field. Details Cross-site scripting or XSS is a code...

CVE-2022-26594

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to 1 Forms module's form builder, or 2 App Builder module's object form...

Cross-Site Scripting (XSS)

mezzanine is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the "View Entries" feature within the Forms module, which allows an attacker to inject malicious scripts that execute in the context of another user's session...

CVE-2025-29573

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

Mezzanine CMS Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

GHSA-2544-HPCQ-6G27 Mezzanine CMS Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2025-29573

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

PYSEC-2025-136

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2025-29573

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

PYSEC-2025-136

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2025-29573

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2025-29573

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

CVE-2025-29573

Mezzanine CMS 6.0.0 exposes a Cross-Site Scripting (XSS) flaw in the Forms module’s View Entries feature. The vulnerability is tied to the EntriesForm path and can be triggered by submitting malicious filenames, enabling arbitrary JavaScript execution in an admin’s browser when affected entries a...

PT-2025-19774 · Unknown · Mezzanine Cms

Name of the Vulnerable Software and Affected Versions: Mezzanine CMS version 6.0.0 Description: A Cross-Site Scripting XSS issue exists in the "View Entries" feature within the Forms module. This allows for potential malicious script execution. Recommendations: For Mezzanine CMS version 6.0.0,...

Rukovoditel 跨站脚本漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from the Add New Form...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to 1 Forms module's form builder, or 2 App Builder module's object form...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...

SQL Injection Vulnerability in Universal Forms Module of Semaphore CMS E-commerce System

Shining CMS e-commerce system bilingual with mobile version to php + mysql development, site installation is simple and fast. Shining CMS e-commerce system SQL injection vulnerability, attackers can use this vulnerability to obtain data content and other sensitive information...

SQL Injection Vulnerability in the Universal Forms Module of SMiCMS School Group System

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. State Micro CMS school station system universal form module SQL injection vulnerability. Attackers can use the vulnerability to obtain...

Memory Corruption Vulnerability in SoftZone Office Forms Easy Module Handling xls Files

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory corruption vulnerability exists in the SoftZone Office Forms Easy module PlanMaker.exe when processing xls files. An attacker can...