29 matches found
Incorrect Authorization
Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
EUVD-2025-206520
Tanium addressed a SQL injection vulnerability in Asset...
BIT-LIFERAY-2021-38265
Cross-site scripting XSS vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the comliferayassetlistwebportletAssetListPortlettitle parameter...
BIT-LIFERAY-2022-26593
Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...
CVE-2022-29858
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...
GHSA-9G57-M5VF-QP73 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
Cross-site scripting XSS vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the comliferayassetcategoriesadminwebportletAssetCategoriesAdminPortlettitle...
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
Cross-site scripting XSS vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the comliferayassetcategoriesadminwebportletAssetCategoriesAdminPortlettitle...
CVE-2022-26593
Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...
CVE-2022-26593
Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...
Cross site scripting
Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...
CVE-2022-26593
Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...
CVE-2021-38265
Cross-site scripting XSS vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the comliferayassetlistwebportletAssetListPortlettitle parameter...
CVE-2021-38265
CVE-2021-38265 is an XSS vulnerability in the Asset module of Liferay Portal, affecting version 7.3.4–7.3.6. An attacker can remotely inject arbitrary web script or HTML when creating a collection page using the parameter _com_liferay_asset_list_web_portlet_AssetListPortlet_title. The connected d...
PT-2022-10705 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.4 through 7.3.6 Description: A cross-site scripting XSS issue exists in the Asset module, allowing remote attackers to inject arbitrary web script or HTML when creating a collection page. This is achieved via the c...
CVE-2021-33328
Cross-site scripting XSS vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the 1...
CVE-2021-29051
Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2021-29051
Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
Cross site scripting
Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2021-29046
Cross-site scripting XSS vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the comliferayassetcategoriesadminwebportletAssetCategoriesAdminPortlettitle...
CVE-2021-29046
Cross-site scripting XSS vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the comliferayassetcategoriesadminwebportletAssetCategoriesAdminPortlettitle...