2348 matches found
CVE-2025-43819
An Insufficient Session Expiration vulnerability in Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 allows a remote non-authenticated attacker to reuse old...
CVE-2025-43819
CVE-2025-43819 affects Liferay Portal (7.3.3.131–7.4.3.121) and Liferay DXP (2024.Q1.1–Q4.3 across 2024.Q1–Q4). Root cause is Insufficient Session Expiration via the SLO API, allowing remote, unauthenticated attackers to reuse a stale session and gain an authenticated context. Impact is potential...
Liferay Portal and Liferay DXP code issue vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Login-Logout versions <= 3.8...
CVE-2025-53467
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS. This issue affects Login-Logout: from n/a through <= 3.8...
CVE-2025-53467 WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Login-Logout login-logout allows Stored XSS. This issue affects Login-Logout: from n/a through <= 3.8...
CVE-2025-53467
CVE-2025-53467 is a Stored XSS in WordPress plugin Login-Logout (Login-Logout). The flaw stems from improper neutralization of input during web page generation, enabling attacker-supplied script injection that persists in the page context. According to the CVSS 3.1 data, the vulnerability has a N...
WordPress plugin Login-Logout cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-39003
Name of the Vulnerable Software and Affected Versions: webvitaly Login-Logout versions through 3.8. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious...
CVE-2025-10708
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote...
PT-2025-38526
Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0. Description: A security vulnerability has been detected due to path traversal. The manipulation of the argument fileName in an unknown functionality of the file...
CLSA-2025-1758019011 Fix of 17 CVEs
CVE-2024-50047 fix. // CVE-url: https://ubuntu.com/security/CVE-2025-38488 - smb: client: fix use-after-free in crypt_message when using async crypto CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url: https://ubuntu.com/security/CVE-2025-37752 - net_sched: sch_sfq: move the limit...
CVE-2025-10229
A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-10229
CVE-2025-10229 remains an open-redirect risk in Freshwork public releases up to 1.2.3. The issue is triggered by manipulating the argument post_logout_redirect_uri in the file /api/v2/logout, enabling a remote attacker to redirect users to an attacker-controlled URL. The vulnerability has been pub...
CVE-2025-10229 Freshwork logout redirect
A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...
PT-2025-37102
Name of the Vulnerable Software and Affected Versions: Freshwork versions up to 1.2.3 Description: A vulnerability exists in Freshwork that allows for open redirection. Manipulation of the post logout redirect uri argument in the /api/v2/logout file can be exploited remotely. The exploit has been...
Freshworks Platform input validation error vulnerability
Freshworks Platform is a customer service software platform from Freshworks USA. An input validation error vulnerability exists in Freshworks Platform versions 1.2.3 and earlier, which stems from an open redirect due to a misbehavior of the file /api/v2/logout with respect to the parameter...