27433 matches found
CVE-2022-42110
A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-41260
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
Design/Logic Flaw
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
CVE-2022-41260
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
CVE-2022-41260
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality a...
CVE-2022-41260
CVE-2022-41260 affects SAP Financial Consolidation version 1010. The vulnerability arises from insufficient encoding of user-controlled input, enabling an unauthenticated attacker to inject a web script via a GET request. Successful exploitation could lead to viewing or modifying information, wit...
CVE-2022-43170
A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...
CVE-2022-42054
Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...
Supervene RazDC WebUI Cross-Site Scripting (CVE-2018-15550)
A cross-site scripting vulnerability exists in Supervene. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget before 6.0.45 from Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via...
jQuery UI Cross-site Scripting (CVE-2021-41184)
A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2022-42113
A Cross-site scripting XSS vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...
CVE-2022-42116
A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the 1 name, or 2 namespace...
CVE-2022-42112
A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the 1 name, or 2 namespace...
Cross site scripting
A Cross-site scripting XSS vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...
CVE-2022-42114
A Cross-site scripting XSS vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
PT-2022-25879 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...