Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications.
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters.
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title resu
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attac
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploi
Page 1+ Next →