Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

Loading
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical
CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal stored cross-site scripting (XSS) vulnerability Critical
CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 7, 2024
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template Critical
CVE-2023-35159 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template Critical
CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template Critical
CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page Critical
CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template Critical
CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 20, 2023
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
ProTip! Advisories are also available from the GraphQL API