BIT-LIFERAY-2023-33937
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...
BIT-LIFERAY-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
BIT-LIFERAY-2023-33943
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, ...
BIT-LIFERAY-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...
BIT-LIFERAY-2023-42629
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...
BIT-LIFERAY-2023-44311
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via t...
TOTOLINK N200RE Security Vulnerability
The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the main function of //cgi-bin/cstecgi.cgi. No vulnerability details are available at this time...
Stupid Simple CMS Cross-Site Scripting Vulnerability
Stupid Simple CMS is a content management system. Stupid Simple CMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary web script or HTML by...
Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability
Simple Online Hotel Reservation System is an online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the addreserve.php file, and can ...
Rockwell FactoryTalk Activation Manager < 4.02 XSS
The version of Rockwell FactoryTalk Activation Manager installed on the remote Windows host is prior to 4.02. It is, therefore, affected by a vulnerability. - A Cross-Site Scripting (XSS) vulnerability was found in certain versions of Wibu-Systems CodeMeter that may allow local attackers to inject...
Cross site scripting
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...
CVE-2023-51946
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...
CVE-2023-48858
The CVE-2023-48858 issue is a Cross-site Scripting (XSS) vulnerability in ABO.CMS 5.9, specifically in login.php, allowing remote attackers to inject arbitrary script via the login.php? URL. Connected sources confirm affected product ABO.CMS 5.9 and login-page code as the root cause; exploitation...
CVE-2023-48858
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part...
WordPress Plugin WCFM Marketplace Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WCFM Marketplace, which stems from the application's lack of effective filteri...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system. A cross-site scripting vulnerability exists in Inventory Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter newitem in the component New Item Creation...
Cross-site Scripting in JFinal
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...
Cross-site Scripting in JFinal
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22493
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22492
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...