60 matches found
PT-2024-21324 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.75 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.2; Liferay DXP versions 2023.Q3.1 through 2023.Q3.5; Liferay Portal 7.4 update 75 through update 92; Liferay Portal 7.3 update 32 through update 36...
PT-2024-40363 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A maliciously crafted URL can bypass the offsite redirection protection for BackURL parameters, potentially leading to users entering sensitive data on malicious websites instead of the...
Cross-Site Request Forgery (CSRF)
com.liferay.layout.seo.web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the lack of validation in the backURL parameter in the layout module's SEO configuration, which allows an attacker to inject and execute malicious code in the scripting console via the...
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary code by tricking a user into performing actions through crafte...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration of the Layout module. An attacker can cause users to be redirected to arbitrary external URLs by tricking them into clickin...
GHSA-22W7-M5F8-87VH Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
Liferay Portal Input Validation Error Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social networking and so on. A security vulnerability exists in Liferay Port...
SUSE CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
The vulnerability of the Zabbix Frontend universal monitoring system, related to the lack of protective measures for the web page structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Zabbix Frontend monitoring system lies in the lack of protection for the web page structure when processing the backurl parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created malicious link...
CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
DEBIAN-CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
UBUNTU-CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
Zabbix Frontend Cross-Site Scripting Vulnerability
Zabbix Frontend is a monitoring software front-end tool from the US-based Zabbix. A security vulnerability exists in Zabbix Frontend, which originates from the ability for an unauthenticated user to create a link with reflective JavaScript code in the backurl parameter and send it to other...
CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
PT-2022-4909 · Zabbix +1 · Zabbix Frontend +2
Name of the Vulnerable Software and Affected Versions: Zabbix Frontend (affected versions not specified). Description: The issue is related to the lack of protection measures for the web page structure when handling the backurl parameter in Zabbix Frontend. This can be exploited by an unauthenticate...