Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portal vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-1736
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote malicious user to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed ...
Ibm Websphere Portal 8.5.0.0
Ibm Websphere Portal 8.0.0.1
Ibm Websphere Portal 7.0.0.1
Ibm Websphere Portal 7.0.0.0
Ibm Websphere Portal 7.0.0.2
Ibm Websphere Portal 8.0.0.0
Ibm Websphere Portal 9.0.0.0
NA
CVE-2014-0951
Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 prior to 7.0.0.2 CF28 and 8.0 prior to 8.0.0.1 CF12 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ibm Websphere Portal 7.0.0.1
Ibm Websphere Portal 7.0.0.2
Ibm Websphere Portal 6.1.5.3
Ibm Websphere Portal 8.0.0.1
Ibm Websphere Portal 7.0.0.0
Ibm Websphere Portal 8.0.0.0
Ibm Websphere Portal 6.1.0.6
6.1
CVSSv3
CVE-2018-1716
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Ibm Websphere Portal 7.0.0.1
Ibm Websphere Portal 8.5.0.0
Ibm Websphere Portal 8.0.0.1
Ibm Websphere Portal 7.0.0.0
Ibm Websphere Portal 8.0.0.0
Ibm Websphere Portal 7.0.0.2
Ibm Websphere Portal 9.0.0.0
6.3
CVSSv3
CVE-2018-1672
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
Ibm Websphere Portal 8.5.0.0
Ibm Websphere Portal 8.0.0.1
Ibm Websphere Portal 7.0.0.0
Ibm Websphere Portal 7.0.0.2
Ibm Websphere Portal 8.0.0.0
Ibm Websphere Portal 7.0.0.1
Ibm Websphere Portal 9.0.0.0
6.1
CVSSv3
CVE-2022-35224
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of scri...
Sap Enterprise Portal 7.10
Sap Enterprise Portal 7.11
Sap Enterprise Portal 7.20
Sap Enterprise Portal 7.30
Sap Enterprise Portal 7.31
Sap Enterprise Portal 7.40
Sap Enterprise Portal 7.50
8.2
CVSSv3
CVE-2019-2583
Vulnerability in the Oracle iSupplier Portal component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Isupplier Portal 12.2.7
Oracle Isupplier Portal 12.1.3
Oracle Isupplier Portal 12.2.4
Oracle Isupplier Portal 12.2.8
Oracle Isupplier Portal 12.2.3
Oracle Isupplier Portal 12.2.6
Oracle Isupplier Portal 12.2.5
NA
CVE-2008-0180
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
Liferay Liferay Enterprise Portal 3.6.1
Liferay Liferay Enterprise Portal 4.3.1
Liferay Liferay Enterprise Portal 2.1.0
Liferay Liferay Enterprise Portal
Liferay Liferay Enterprise Portal 2.1.1
Liferay Liferay Enterprise Portal 1.0
Liferay Liferay Enterprise Portal 2.2.0
Liferay Liferay Enterprise Portal 4.1.3
Liferay Liferay Enterprise Portal 4.1
Liferay Liferay Enterprise Portal 2.0
Liferay Liferay Enterprise Portal 4.3.6
Liferay Liferay Enterprise Portal 4.1.1
NA
CVE-2004-2511
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; ...
Codeworx Technologies Dcp-portal 3.7
Codeworx Technologies Dcp-portal 5.0.2
Codeworx Technologies Dcp-portal 5.2
Codeworx Technologies Dcp-portal 4.1
Codeworx Technologies Dcp-portal 5.3
Codeworx Technologies Dcp-portal 5.0.1
Codeworx Technologies Dcp-portal
Codeworx Technologies Dcp-portal 5.3.1
Codeworx Technologies Dcp-portal 4.5.1
Codeworx Technologies Dcp-portal 4.2
Codeworx Technologies Dcp-portal 4.0
Codeworx Technologies Dcp-portal 5.1
3 EDB exploits
NA
CVE-2004-2512
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and previous versions allows remote malicious users to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Codeworx Technologies Dcp-portal 3.7
Codeworx Technologies Dcp-portal 5.0.2
Codeworx Technologies Dcp-portal 5.2
Codeworx Technologies Dcp-portal 4.1
Codeworx Technologies Dcp-portal 5.3
Codeworx Technologies Dcp-portal 5.0.1
Codeworx Technologies Dcp-portal
Codeworx Technologies Dcp-portal 5.3.1
Codeworx Technologies Dcp-portal 4.5.1
Codeworx Technologies Dcp-portal 4.2
Codeworx Technologies Dcp-portal 4.0
Codeworx Technologies Dcp-portal 5.1
1 EDB exploit
NA
CVE-2005-4458
Group.pm in Metadot Portal Server 6.4.4 and previous versions does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR...
Metadot Metadot Portal Server 5.6.5.1
Metadot Metadot Portal Server 6.4
Metadot Metadot Portal Server 5.6.4.3
Metadot Metadot Portal Server 6.4.1
Metadot Metadot Portal Server 5.6.5.3.1
Metadot Metadot Portal Server 6.4.3
Metadot Metadot Portal Server 5.6.5.4b5
Metadot Metadot Portal Server 5.6.5.2
Metadot Metadot Portal Server 5.6.5.3
Metadot Metadot Portal Server 5.6.6
Metadot Metadot Portal Server 5.6.4
Metadot Metadot Portal Server 5.5.2.1
Metadot Metadot Portal Server 5.6.5
Metadot Metadot Portal Server 6.4.4
Metadot Metadot Portal Server 5.6.4.1
Metadot Metadot Portal Server 5.6.4.2
Metadot Metadot Portal Server 6.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »