27433 matches found

Cvelist
added 2022/11/14 12:0 a.m., 30 views

CVE-2022-42110

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.2 AI score, 0.00562 EPSS
Exploits: 0, References: 2

NVD
added 2022/11/08 10:15 p.m., 28 views

CVE-2022-41260

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...

6.1 CVSS, 0.00412 EPSS
Exploits: 0, References: 2

Prion
added 2022/11/08 10:15 p.m., 21 views

Design/Logic Flaw

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...

5.8 CVSS, 6.2 AI score, 0.00412 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2022/11/08 12:0 a.m., 5 views

CVE-2022-41260

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...

6.1 CVSS, 6.7 AI score, 0.00412 EPSS
Exploits: 0, References: 2

Cvelist
added 2022/11/08 12:0 a.m., 32 views

CVE-2022-41260

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...

6.1 CVSS, 6.4 AI score, 0.00412 EPSS
Exploits: 0, References: 2

CVE
added 2022/11/08 12:0 a.m., 62 views

CVE-2022-41260

CVE-2022-41260 affects SAP Financial Consolidation version 1010. The vulnerability arises from insufficient encoding of user-controlled input, enabling an unauthenticated attacker to inject a web script via a GET request. Successful exploitation could lead to viewing or modifying information, wit...

6.1 CVSS, 6.1 AI score, 0.00412 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2022/10/28 12:0 a.m., 6 views

CVE-2022-43170

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboardconfigure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

5.2 AI score, 0.00874 EPSS
Exploits: 1, References: 1

NVD
added 2022/10/27 6:15 p.m., 16 views

CVE-2022-42054

Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.4 CVSS, 0.00451 EPSS
Exploits: 1, References: 1

Check Point Advisories
added 2022/10/27 12:0 a.m., 1 view

Supervene RazDC WebUI Cross-Site Scripting (CVE-2018-15550)

A cross-site scripting vulnerability exists in Supervene. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

5.1 AI score
Exploits: 0

Github Security Blog
added 2022/10/19 12:0 p.m., 5 views

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget before 6.0.45 from Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via...

5.4 CVSS, 6 AI score, 0.00484 EPSS
Exploits: 0, References: 7, Affected Software: 2

Check Point Advisories
added 2022/10/19 12:0 a.m., 11 views

jQuery UI Cross-site Scripting (CVE-2021-41184)

A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.3 CVSS, 4.9 AI score, 0.42847 EPSS
Exploits: 2

OSV
added 2022/10/18 9:15 p.m., 18 views

CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace...

6.1 CVSS, 5.9 AI score, 0.00501 EPSS
Exploits: 0, References: 2

OSV
added 2022/10/18 9:15 p.m., 28 views

CVE-2022-42113

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

6.1 CVSS, 5.9 AI score, 0.00501 EPSS
Exploits: 0, References: 2

OSV
added 2022/10/18 9:15 p.m., 19 views

CVE-2022-42112

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4 CVSS, 5.8 AI score, 0.00484 EPSS
Exploits: 0, References: 2

Prion
added 2022/10/18 9:15 p.m., 14 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

5.8 CVSS, 6.1 AI score, 0.00501 EPSS
Exploits: 0, References: 2, Affected Software: 2

Prion
added 2022/10/18 9:15 p.m., 16 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace...

5.8 CVSS, 6 AI score, 0.00501 EPSS
Exploits: 0, References: 2, Affected Software: 2

Prion
added 2022/10/18 9:15 p.m., 16 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

5.8 CVSS, 6 AI score, 0.00501 EPSS
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2022/10/18 12:0 a.m., 4 views

CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML...

6.3 AI score, 0.00484 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2022/10/18 12:0 a.m., 4 views

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1 AI score, 0.00501 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2022/10/17 12:0 a.m., 4 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

5.4 CVSS, 5.6 AI score, 0.00384 EPSS
Exploits: 1, References: 4