Tag

#xss

Webkul Qloapps 1.5.2 Cross Site Scripting

Webkul Qloapps version 1.5.2 suffers from a cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #web #linux #git #php #auth

eScan Management Console 14.0.1400.2281 Cross Site Scripting

eScan Management Console version 14.0.1400.2281 suffers from a cross site scripting vulnerability.

CVE-2023-33941: CVE-2023-33941 Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect - Liferay

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

CVE-2023-33943: CVE-2023-33943 XSS with user name in account - Liferay

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

CVE-2023-33942: CVE-2023-33942 Stored XSS with article title in Web Content Display widget - Liferay

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.

CVE-2023-33938: CVE-2023-33938 Stored XSS with object name in App Builder - Liferay

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.

CVE-2023-33939: CVE-2023-33939 Stored XSS in Modified Facet - Liferay

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

CVE-2023-33940: CVE-2023-33940 Stored XSS with IFrame type Remote App URL - Liferay

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

CVE-2023-33937: CVE-2023-33937 Stored XSS with form name in form configuration - Liferay

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.