CVE-2023-37940
This CVE refers to a Cross-site Scripting (XSS) vulnerability in the Service Access Policy edit page of Liferay Portal and Liferay DXP. A crafted payload placed in the Service Class field can inject script/HTML, affecting Liferay Portal versions 7.0.0–7.4.3.87 and Liferay DXP 7.4 GA–update 87, an...
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch nam...
CVE-2024-11993
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...
CVE-2024-53283
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...
CVE-2024-53281
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct...
CVE-2024-53279
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensiti...
CVE-2024-53285
The CVE-2024-53285 flaw affects Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, specifically within the DDNS Record component. The root cause is improper neutralization of input during web page generation, enabling Cross-site Scripting (XSS) by an administrator with full rights. Im...
CVE-2024-53284
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...
CVE-2024-53280
CVE-2024-53280 affects Synology Router Manager (SRM) up to version 1.3.1-9346-10. The vulnerability is an improper input neutralization (XSS) in the Network Center policy route functionality, enabling remote authenticated users with administrator privileges to read or write certain files containi...
CVE-2024-4633
CVE-2024-4633 affects the Slider & Popup Builder by Depicter WordPress plugin. The issue is a Stored Cross-Site Scripting vulnerability via addExtraMimeType in versions up to 3.2.1, exploitable by authenticated users with author-level permissions. The Wordfence entry confirms the vulnerability an...
CVE-2024-53470
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...
WordPress plugin Pure CSS Circle Progress bar Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
CVE-2024-51209
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...
The vulnerability in the `usb_remote_smb_conf.cgi` script of Netgear R8500 router software allows a hacker to induce a service failure.
The vulnerability in the `usb_remote_smb_conf.cgi` script of the Netgear R8500 router firmware lies in the copying of buffers without checking the size of the input data during the processing of the sharename parameter. Exploiting this vulnerability allows a malicious actor to cause servi...
CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
IBM Security ReaQta Cross-Site Scripting Vulnerability
ReaQta is an advanced endpoint security platform from IBM Security that utilizes artificial intelligence and machine learning technologies to identify, manage and automate responses to cybersecurity threats. A cross-site scripting vulnerability exists in Security ReaQta that stems from the...