CVE-2026-43108

In CVE-2026-43108, the issue is in the Linux kernel's Qualcomm SoC PD-mapper component. The root cause is a mismatch between the declared length of a string element in servreg_loc_pfr_req_ei and the reason field of servreg_loc_pfr_req, which can trigger decoding errors during PD crashes. The conc...

CVE-2021-47905

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

CVE-2021-47905

CVE-2021-47905 concerns the MyBB Delete Account Plugin (v1.4) with a stored/reflected-like cross-site scripting flaw in the account deletion reason input field. The vulnerability allows an attacker to inject malicious scripts that can execute in the admin interface when viewing delete account rea...

CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

MyBB_Plugin-Delete_Account security vulnerability

MyBBPlugin-DeleteAccount is a MyBB plugin developed by Vintagedaddyo. Version 1.4 of MyBBPlugin-DeleteAccount contains a security vulnerability. This vulnerability stems from the input field used for specifying the reason for account deletion, which has a cross-site scripting vulnerability,...

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVE-2023-24081

Multiple stored cross-site scripting XSS vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...

Netgate pfSense CE 跨站脚本漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...

CVE-2023-24081

Multiple stored cross-site scripting XSS vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page...

PT-2023-19393 · Redrock · Tutortrac

Name of the Vulnerable Software and Affected Versions: Redrock Software TutorTrac versions prior to 4.2.170210 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. This is a...