EUVD-2012-4429
Malware in sbrugna...
CVE-2025-43817
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...
GHSA-2QWM-9MG5-JWQ8 Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
A cross-site scripting (XSS) vulnerability in the Announcements module before 6.0.11 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2022-42110
CVE-2022-42110 describes a Cross-site Scripting (XSS) vulnerability in the Announcements module of Liferay Portal (versions 7.1.0–7.4.2) and Liferay DXP (7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3). Remote attackers can inject arbitrary web script/HTML. The root cau...
Design/Logic Flaw
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact...
CVE-2012-4500
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact...
CVE-2012-4500
The CVE-2012-4500 entry concerns Drupal’s Announcements module (6.x-1.x) prior to version 6.x-1.5. The vulnerability allows remote authenticated users who have the 'access announcements' permission to bypass node access restrictions, potentially leading to additional unspecified impact. Patch/fix...
SA-CONTRIB-2012-132 - Announcements - Access Bypass
The Announcements module creates an "announcement" content type and provides both node views and block lists. The module doesn't sufficiently check node access under certain conditions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access...