CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8134 matches found

Snyk•added 2025/10/08 3:32 p.m.•3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Forms module. An attacker can execute arbitrary web scripts or inject HTML by submitting a crafted payload into a form with a rich text type field. Details Cross-site scripting or XSS is a code...

6.1CVSS5.4AI score0.00033EPSS

Exploits0References2

Github Security Blog•added 2025/10/08 3:32 p.m.•4 views

Liferay Portal is vulnerable to Stored XSS through Forms text type field

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

6.1CVSS5.5AI score0.00033EPSS

Exploits0References3Affected Software1

OSV•added 2025/10/08 3:32 p.m.•1 views

GHSA-378F-8Q54-3FQX Liferay Portal is vulnerable to Stored XSS through Forms text type field

5.1CVSS5.5AI score0.00033EPSS

Exploits0References3

NVD•added 2025/10/08 2:15 p.m.•2 views

CVE-2025-43830

6.1CVSS0.00033EPSS

Exploits0References1

Vulnrichment•added 2025/10/08 1:11 p.m.•2 views

CVE-2025-43830

5.1CVSS5AI score0.00033EPSS

Exploits0References1

Cvelist•added 2025/10/08 1:11 p.m.•6 views

CVE-2025-43830

5.1CVSS0.00033EPSS

Exploits0References1

CVE•added 2025/10/08 1:11 p.m.•12 views

CVE-2025-43830

CVE-2025-43830 describes a stored Cross-Site Scripting (XSS) vulnerability in Liferay Portal/Liferay DXP related to the rich text form field under the Forms module. Affected products include Liferay Portal 7.3.2–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.8, 2023.Q4.0–2023.Q4.5, with GA releases ...

6.1CVSS5AI score0.00033EPSS

Exploits0References1Affected Software2

OSV•added 2025/10/08 6:15 a.m.•1 views

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

4.8CVSS5.5AI score

Exploits0References4

Cvelist•added 2025/10/08 6:2 a.m.•8 views

CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting

4.8CVSS0.00036EPSS

Exploits1References4

CNNVD•added 2025/10/08 12:0 a.m.•2 views

OpnForm 代码注入漏洞

OpnForm is a form builder by Julien Nahum Personal Developer. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from an incorrect operation of the component Form Editor in file/api/open/forms, and could lead to a cross-site scripting attack...

4.8CVSS4.2AI score0.00036EPSS

Exploits1References4

Packet Storm News•added 2025/10/08 12:0 a.m.•2 views

Wapiti Web Application Vulnerability Scanner 3.2.6

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

7AI score

Exploits0

Positive Technologies•added 2025/10/08 12:0 a.m.•2 views

PT-2025-41254

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.2 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description A stored cross-site scripting XSS issue exists in Forms within the software. This allows remote attackers to inject arbitrary web scri...

5.1CVSS5.4AI score0.00033EPSS

Exploits0References5

Packet Storm News•added 2025/10/08 12:0 a.m.•4 views

Wapiti Web Application Vulnerability Scanner 3.2.6 Source Code

7.2AI score

Exploits0