10 matches found
CVE-2026-39390
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of...
Malicious code in frontend-js-state-web (npm)
Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf. The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-680 Malicious code in frontend-js-state-web (npm)
Source: amazon-inspector 770e7ef9c670e6c188650363a084728f7827f49ab63d6fb9aa57f6e4cfd07dbf. The package frontend-js-state-web was found to contain malicious code. Source: ghsa-malware...
MAL-2025-20971 Malicious code in frontend-js-web-component (npm)
The package frontend-js-web-component was found to contain malicious code...
Cross-Site Scripting (XSS)
com.liferay.portal, release.dxp.bom, com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the toastData parameter in the Frontend JS module's layout-taglib/liferay/index.js, which allows attackers to inject arbitrar...
Liferay DXP XSS (CVE-2025-2536)
The detected install of Liferay DXP is affected by a cross-site scripting (XSS) vulnerability in the Frontend JS module's layout-taglib/liferay/index.js that allows remote attackers to inject arbitrary web script or HTML via the toastData parameter. Note that Nessus has not tested for this issue but has...
GHSA-HRC4-P2H3-PJQW Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...
PT-2025-11960
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.82 through 7.4.3.128; Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92...
PT-2024-21322 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.37; Liferay DXP versions prior to 7.4 update 38; Liferay DXP versions prior to 7.3 update 11; Liferay DXP versions prior to 7.2 fix pack 20. Description: A cross-site scripting (XSS) issue in the Frontend...
LYNX Technik Yellobrik PEC-1864 Security Vulnerability
The LYNX Technik Yellobrik PEC-1864 is a versatile and compact SDI/HDMI H.264 streamer and recorder from LYNX Technik. A security vulnerability exists in the LYNX Technik Yellobrik PEC-1864 version, which stems from an authentication check implemented via JavaScript in the front-end interface,...