Follow Redirects 信息泄露漏洞

Follow Redirects is an open-source Node.js module that automatically follows HTTP redirects. Versions of Follow Redirects prior to 1.16.0 had a vulnerability related to information leakage. This vulnerability occurred when HTTP requests followed cross-domain redirects, and only authorization, pro...

CVE-2025-11160 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability

Stored Cross-Site Scripting via Custom JS Module vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

EUVD-2025-6757

Malicious code in bioql PyPI...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]

Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

CVE-2025-2536

Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

CVE-2025-2536

Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

CVE-2025-2536

CVE-2025-2536 is an XSS vulnerability affecting Liferay Portal 7.4.3.82–7.4.3.128 and Liferay DXP releases up to 2024.Q3.0 (plus 2024.Q2.x, 2024.Q1.x, 2023 Q3/Q4 series). The issue resides in the Frontend JS module layout-taglib/liferay /index.js, where the toastData parameter can be used to inje...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exis...

PT-2024-10084 · Drupal +1 · Drupal +1

Name of the Vulnerable Software and Affected Versions: Minify JS versions 0.0.0 through 3.0.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in the Minify JS module of the Drupal CMS system. This vulnerability can be exploited by a remote attacker to perform ...

GHSA-RWHV-HVJ2-QRQM Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-26269

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

Cross site scripting

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-26269

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

Chrome V8 Type Confusion

Chrome: Extending non-extensible objects leads to type confusion in V8 SUMMARY v8::internal::JSObject::SetAccessor doesn't check if the receiver is extensible before adding a new property. A potential attacker can exploit the ability to extend non-extensible objects to achieve arbitrary code...

DRUPAL-CONTRIB-2022-054

The Next.js module provides an inline preview for content. Authenticated requests are made to Drupal to fetch JSON:API content and render them in an iframe from the decoupled Next.js site. The current implementation doesn’t sufficiently check access for fetching data. All requests made to Drupal...

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module

Cross-site scripting XSS vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a...

GHSA-HGJV-7WJR-QWQP Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module

Cross-site scripting XSS vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a...

Oracle MySQL Cluster Denial of Service Vulnerability (CNVD-2021-57180)

MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database. A security vulnerability exists in the Cluster: JS module component in Oracle MySQL Cluster 8.0.25 and earlier. An attacker can exploit this vulnerability to cause a denial of service...