CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4574 matches found

Cvelist•added 2025/10/08 10:4 p.m.•9 views

CVE-2017-20202 Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

9.3CVSS0.00116EPSS

Exploits0References6

Github Security Blog•added 2025/10/08 3:32 p.m.•5 views

Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field

Cross-site Scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

5.4CVSS5.8AI score0.00031EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2025/10/08 1:11 p.m.•2 views

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

5.1CVSS5AI score0.00031EPSS

Exploits0References1

Cvelist•added 2025/10/08 12:53 p.m.•5 views

CVE-2025-43821

Cross-site scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

4.8CVSS0.00031EPSS

Exploits0References1

Positive Technologies•added 2025/10/08 12:0 a.m.•3 views

PT-2025-41263

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.102 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description The Notifications widget contains multiple cross-site scripting XSS issues. Thes...

4.8CVSS5.9AI score0.00031EPSS

Exploits0References6

Positive Technologies•added 2025/10/08 12:0 a.m.•3 views

PT-2025-41253

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description A cross-site scripting XSS issue exists in the Commerce Product Comparison Table...

4.8CVSS5.5AI score0.00031EPSS

Exploits0References6

Positive Technologies•added 2025/10/08 12:0 a.m.•2 views

PT-2025-41313

Name of the Vulnerable Software and Affected Versions Web Developer for Chrome versions prior to 0.5.0 Description The Web Developer for Chrome extension contained malicious code that generated a domain using a domain generation algorithm DGA and retrieved a remote script. This script loaded...

9.3CVSS7.3AI score0.00116EPSS

Exploits0References8

NVD•added 2025/10/07 12:15 p.m.•3 views

CVE-2025-11390

A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The atta...

6.1CVSS0.00052EPSS

Exploits1References6