10 matches found
EUVD-2022-45206
Malicious code in bioql PyPI...
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
A SQL injection vulnerability in the Fragment module before 4.0.33 from Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...
GHSA-R5FJ-J449-VQW2 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
A SQL injection vulnerability in the Fragment module before 4.0.33 from Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...
PT-2022-26266 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.3 through 7.4.3.16 Liferay DXP versions 7.3 before update 4 Liferay DXP versions 7.4 before update 17 Description: A SQL injection issue in the Fragment module allows attackers to execute arbitrary SQL commands via...
CVE-2022-42120
CVE-2022-42120 describes an SQL injection in the Fragment module of Liferay Portal (versions 7.3.3–7.4.3.16) and Liferay DXP (7.3 before update 4 and 7.4 before update 17). The vulnerability enables attackers to execute arbitrary SQL commands via a PortletPreferences namespace attribute, exposing...
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting
Cross-site scripting XSS vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the comliferaysiteadminwebportletSiteAdminPortletname parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the comliferaysiteadminwebportletSiteAdminPortletname parameter...