13393 matches found
CVE-2022-27258
CVE-2022-27258 corresponds to multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla up to version 7.0.3. The issue arises from the rpath parameter, enabling a remote attacker to include arbitrary web script or HTML. Affected product: Hubzilla (core) prior to 7.0.3. Root cause details ar...
Social Codia SMS Cross-Site Scripting Vulnerability
Social Codia SMS is an inventory management system from Social Codia India. Social Codia SMS v1.0 is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML by injecting a specially crafted payload into the post title text...
CVE-2020-25158
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations...
CVE-2020-25158 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations...
AeroCMS Cross-Site Scripting Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A cross-site scripting vulnerability exists in AeroCMS v0.0.1, which can be exploited by attackers to execute arbitrary Web script or HTML by injecting a specially crafted payload into the post title text field...
AeroCMS Cross-Site Scripting Vulnerability (CNVD-2022-30784)
AeroCMS is a content management system from AeroCMS, Inc. A cross-site scripting vulnerability exists in AeroCMS v0.0.1, which can be exploited to execute arbitrary Web script or HTML by injecting a specially crafted payload into the "comment" text field...
Cross site scripting
There is a cross-site scripting (XSS) vulnerability in SpotPagelogin.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the dataperformredirect parameter...
CVE-2021-43725
Removed by vendor...
Online Project Time Management System Cross-Site Scripting Vulnerability
Online Project Time Management System is a web-based online project time management system that provides an online platform for a company's employees to report/record their assigned time or the time each project is resubmitted. online project time management system A cross-site scripting...
Ex libris ALEPH 500 Cross-Site Scripting Vulnerability
Ex libris ALEPH 500 is an integrated library system from the Israeli company Ex libris. Ex libris ALEPH 500 versions v18.1 and v20 are vulnerable to a cross-site scripting vulnerability that stems from the program's lack of validation and filtering of user-supplied data and output. An attacker...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2022-19498)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the comliferayblogswebportletBlogsAdminPortlettitle and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell...
Htmly Cross-Site Scripting Vulnerability (CNVD-2022-73492)
Htmly is a PHP-based blogging platform. Version 2.8.1 of Htmly is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload in the blog post content field...
CVE-2021-38269
CVE-2021-38269 affects the Gogo Shell module in Liferay Portal (versions 7.1.0–7.3.6 and 7.4.0) and Liferay DXP (7.1 before fix pack 23, 7.2 before fix pack 13, 7.3 before fix pack 2). It enables remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command, i...
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
CVE-2021-38265
CVE-2021-38265 is an XSS vulnerability in the Asset module of Liferay Portal, affecting versions 7.3.4–7.3.6. An attacker can remotely inject arbitrary web script or HTML when creating a collection page using the parameter _com_liferay_asset_list_web_portlet_AssetListPortlet_title. The connected d...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php...
Cross-site Scripting in Ericsson CodeChecker
In Ericsson CodeChecker prior to 6.18.2, a stored cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...