PT-2026-31780

Name of the Vulnerable Software and Affected Versions PraisonAIAgents versions prior to 1.5.128 Description PraisonAIAgents is a multi-agent teams system. The memory hooks executor in PraisonAIAgents passes a user-controlled command string directly to subprocess.run with shell=True at...

CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

An attacker can acheive Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...

GHSA-5GHQ-42RG-769X CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

An attacker can acheive Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...

GHSA-458R-H248-29C5 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Page Management Fields Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Page Creation and Editing Inputs Description The application fails to properly sanitize user-controlled input within the Page Management functionality when...

CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Posts Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...

Cross-Site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...

Cross-Site Scripting (XSS)

ibexa/admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-generated content, allowing attackers with Editor or Administrator privileges to inject persistent XSS payloads that can later execute in the front office...

CVE-2024-3509

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...