27433 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...
CVE-2023-3193
Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
Cross-site Scripting (XSS)
com.liferay.layout.taglib is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the layout module, which allows an attacker to inject and execute malicious web script or HTML via a crafted payload into a container-type layout fragment's URL text field...
GD Mail Queue < 4.0 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sufficiently sanitize input and escape output of email contents, resulting in a potential for arbitrary web script injection by unauthenticated users...
Cross-site Scripting (XSS)
com.liferay.portal.search.web is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the modified facet widget, which allows an attacker to inject and execute malicious web script or HTML via a crafted payload through the facet label...
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
Cross site scripting
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
CVE-2023-1661
The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
IceCMS Cross-Site Scripting Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . IceCMS v1.0.0 version exists cross-site scripting vulnerability, the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping, an attacker can...
CVE-2023-33780
A stored cross-site scripting XSS vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...
GHSA-PFWC-4FRF-4GF8 Cross-site scripting in Liferay Portal
Cross-site scripting XSS vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...
CVE-2023-33944
Cross-site scripting XSS vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...
GHSA-MVFV-W3FQ-XP67 Cross-site scripting in Liferay Portal
Multiple cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the 1 code, or 2...
GHSA-WV99-WMPF-JRQR Cross-site scripting in Liferay Portal
Cross-site scripting XSS vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field...
GHSA-53MW-69QX-Q4FC Cross-site scripting in Liferay Portal
Cross-site scripting XSS vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted...
GHSA-WVHW-5M89-64GV Cross-site scripting in Liferay Portal
Cross-site scripting XSS vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object...