27433 matches found
CVE-2022-45028
A cross-site scripting XSS vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...
CVE-2022-45769
A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...
Cross site scripting
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in...
CVE-2019-18265
Digital Alert Systems’ DASDEC software prior to version 4.1 is affected by CVE-2019-18265, an XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the login page’s SSH username field or the HTTP Host header. The injected content is stored in logs and rendered ...
WSO2 Identity Server Cross Site Scripting (CVE-2018-8716)
A cross-site scripting vulnerability exists in WSO2 Identity Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Super Flexible Software Syncovery Cross-site Scripting (CVE-2022-36533)
A cross-site scripting vulnerability exists in Super Flexible Software Syncovery. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Grafana Cross-Site Scripting (CVE-2022-31097)
A cross-site scripting vulnerability exists in Grafana. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Atmosphere Java Framework Reflected Cross-Site Scripting
A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2022-42118
A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...
CVE-2022-42118
A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...
CVE-2022-42111
A Cross-site scripting XSS vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload...
CVE-2022-42111
A Cross-site scripting XSS vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload...
CVE-2022-42110
A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42118
A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...
CVE-2022-42111
CVE-2022-42111 is an XSS flaw in the Sharing module’s user notification in Liferay Portal 7.2.1–7.4.2 and Liferay DXP 7.2 (pre-FP19) and 7.3 (pre-Update 4). A crafted asset sharing payload enables remote script/HTML injection. Affected components: Sharing module, user notification; root cause: im...
CVE-2022-42118
The CVE-2022-42118 XSS flaw affects Liferay Portal 7.1.0–7.4.2 and Liferay DXP 7.1 (before fix pack 27), 7.2 (before fix pack 15), and 7.3 (before service pack 3) in the Portal Search module via the tag parameter. Exploitation can inject arbitrary script/HTML, potentially stealing credentials or ...
CVE-2022-44390
A cross-site scripting XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field...