13 matches found
CVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Commerce Product Comparison Table widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's...
CVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2025-43821
CVE-2025-43821 concerns an XSS vulnerability in the Liferay Commerce Product Comparison Table widget. Affected: Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.8, 2023.Q4.0–2023.Q4.5, and 7.4 GA through update 92. The flaw arises when user-supplied data is inserted into the Comme...
PT-2025-41253
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5. Description: A cross-site scripting (XSS) issue exists in the Commerce Product Comparison Table...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
EUVD-2025-23287
Malicious code in bioql PyPI...
CVE-2025-50847
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
CVE-2025-50847
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
CVE-2025-50847
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
PT-2025-31553 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3. Description: A Cross Site Request Forgery (CSRF) issue exists in CS Cart. Attackers can add products to a user's comparison list by sending a specially crafted HTTP request. Recommendations: Update to a newer version that...
CVE-2025-50847
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request...
Vulnerability Management Product Comparisons (October 2019)
Here I combined two posts 1.2 from my telegram channel about comparisons of Vulnerability Management products that were recently published in October 2019. One of them was more marketing, published by Forrester, the other was more technical and published by Principled Technologies. I had some...