CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper handling of radio button type custom fields, allowing remote authenticated attackers to inject malicious JavaScript into a page...

CVE-2025-2703

A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...

GHSA-FPX3-H2PC-88VF Laravel Starter Cross Site Scripting (XSS)

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, TL-WR841N, allows a hacker to inject any JavaScript code.

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, the TL-WR841N, is related to a deficiency in the upnpTbl filter parameter when accessing the UPnP.html web page. Exploiting this vulnerability allows an attacker to inject arbitrary JavaScript code by...

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript.No details of the...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

GHSA-QHP6-VP7C-G7XP Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

CVE-2025-3760 is a stored XSS vulnerability in Liferay Portal (radio button type custom fields) affecting Portal 7.2.0–7.4.3.129 and Liferay DXP 2024.Q1–Q4, 2023 Q3–Q4, and related GA/update branches. The underlying issue is injection of malicious JavaScript into a page by remote authenticated at...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-1983

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVE-2025-1983 Stored Cross-Site Scripting in Ready_

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...