
46 matches found

CVE
added 2026/04/06 7:45 a.m. · 12 views

CVE-2026-5635

CVE-2026-5635 affects PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is in the Parameter Handler’s /categorywise-products.php, where manipulating the cid parameter leads to SQL injection. Attacks can be launched remotely and the exploit has been released publicly. Concrete remed...

CVSS 6.5 · AI score 6.5 · EPSS 0.00246
Exploits 0 · References 5
EUVD
added 2026/03/12 6:30 p.m. · 3 views

EUVD-2019-19823

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

CVSS 8.8 · AI score 5.9 · EPSS 0.00254
Exploits 0 · References 3
CVE
added 2025/12/09 12:0 a.m. · 13 views

CVE-2025-61074

Affected product: adata Software GmbH Mitarbeiter Portal 2.15.2.0 (SchwarzeBrett bulletin board). Vulnerability: Stored XSS in the Inhalts parameter of CreateNachricht and EditNachricht endpoints, exploitable by remote authenticated users to run arbitrary JavaScript in other users’ browsers. Impa...

CVSS 4.6 · AI score 5.8 · EPSS 0.0028
Exploits 1 · References 2 · Affected Software 1
CVE
added 2025/11/25 12:0 a.m. · 9 views

CVE-2025-65647

CVE-2025-65647 applies to PHPGURUKUL Online Shopping Portal 2.1, where an Insecure Direct Object Reference (IDOR) in the Track order function allows information disclosure via the oid parameter. The vulnerability stems from insufficient access control when referencing data sent from the client as...

CVSS 4.3 · AI score 6 · EPSS 0.0021
Exploits 1 · References 2 · Affected Software 1
GithubExploit
added 2025/11/21 1:41 p.m. · 136 views

Vulnerabilites

Vendor Acknowledgment & Coordination...

AI score 6.9
Exploits 0
Positive Technologies
added 2025/11/17 12:0 a.m. · 4 views

PT-2025-47199

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0. Description: The PHPGurukul Online Shopping Portal is susceptible to a Cross Site Scripting (XSS) issue. This flaw is located in the my-cart.php file and specifically affects the quantity parameter...

CVSS 5.4 · AI score 6.3 · EPSS 0.00192
Exploits 1 · References 6
Positive Technologies
added 2025/11/17 12:0 a.m. · 5 views

PT-2025-47198

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0. Description: The PHPGurukul Online Shopping Portal version 2.0 is susceptible to SQL Injection. This issue affects the username parameter within the admin page. Exploitation of this flaw could allow...

CVSS 6.5 · AI score 7.1 · EPSS 0.0021
Exploits 1 · References 6
Positive Technologies
added 2025/11/17 12:0 a.m. · 4 views

PT-2025-47202

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0. Description: The PHPGurukul Online Shopping Portal 2.0 is susceptible to SQL Injection due to improper handling of the email parameter in the forgot-password.php script. Successful exploitation allo...

CVSS 9.8 · AI score 8.4 · EPSS 0.00357
Exploits 1 · References 7
CNNVD
added 2025/10/13 12:0 a.m. · 3 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.5 · AI score 6.2 · EPSS 0.00236
Exploits 0 · References 2
CNNVD
added 2025/10/09 12:0 a.m. · 2 views

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.4 · AI score 5.8 · EPSS 0.00195
Exploits 0 · References 2
CNNVD
added 2025/10/07 12:0 a.m. · 2 views

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.4 · AI score 5.8 · EPSS 0.00193
Exploits 0 · References 2
Github Security Blog
added 2025/09/09 9:30 p.m. · 4 views

Liferay Portal is vulnerable to XSS attack through its search bar portlet

A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar...

CVSS 6.1 · AI score 5.5 · EPSS 0.00216
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2025/09/09 12:26 a.m. · 1 views

CVE-2025-43774

...

AI score 6.5
Exploits 0
Positive Technologies
added 2025/09/08 12:0 a.m. · 3 views

PT-2025-36461

CVE ID: CVE-2025-0004 · Published: 2025-04-12T00:00:00.000Z · Severity: MEDIUM 6.1/10 · Description: Cross-site scripting (XSS) vulnerability in the user management interface of Enterprise Portal v2.3.0 allows attackers to inject arbitrary web scripts. Root Cause: Improper neutralization of input during we...

AI score 6.1
Exploits 0 · References 1
OSV
added 2025/08/23 6:30 a.m. · 5 views

GHSA-H8GX-4HHM-W45V Liferay Portal stored cross-site scripting in text field of the web content structure

A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject...

CVSS 6.9 · AI score 5.5 · EPSS 0.00181
Exploits 0 · References 5
Vulnrichment
added 2025/08/23 2:49 a.m. · 2 views

CVE-2025-43769

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...

CVSS 4.6 · AI score 6 · EPSS 0.00209
Exploits 0 · References 1
CNNVD
added 2025/08/23 12:0 a.m. · 2 views

Liferay Portal and Liferay DXP code issue vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 9.8 · AI score 7.5 · EPSS 0.0041
Exploits 0 · References 3
Positive Technologies
added 2025/08/23 12:0 a.m. · 6 views

PT-2025-34504 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.86 through 7.4.3.131; Liferay DXP versions 2024.Q1.1 through 2024.Q1.12; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.1 through 2024.Q3.9; Liferay Portal versions 7.4 update 86...

CVSS 5.1 · AI score 6.3 · EPSS 0.00172
Exploits 0 · References 10
Positive Technologies
added 2025/08/23 12:0 a.m. · 5 views

PT-2025-34502 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131; Liferay DXP versions 2024.Q1.1 through 2024.Q1.15; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q4.0 through...

CVSS 5.1 · AI score 5.8 · EPSS 0.00296
Exploits 0 · References 9
Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34240 · Liferay · Liferay Dxp 2024.Q1.19 +6

Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.15; Liferay DXP versions 2025.Q2.0 through 2025.Q2.2; Liferay DXP versions 2024.Q1.13 through 2024.Q1.19. Description: A reflected cross-site scripting (XSS)...

CVSS 6.9 · AI score 5.1 · EPSS 0.00199
Exploits 0 · References 8