34 matches found
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
SQL Injection
Liferay Portal is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user input in the title field of the Friendly URL module, which allows an attacker to inject and execute arbitrary SQL commands...
EUVD-2023-28686
Malicious code in bioql PyPI...
EUVD-2022-45208
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via friendlyURL. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting malicious URLs and tricking users into visiting them. Details: Cross-site scripting or XSS is a code...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and accessing the page's title. Remediation: Upgrade...
BIT-LIFERAY-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
Cross site scripting
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
PT-2023-19733 · Unknown · Bludit Cms
Name of the Vulnerable Software and Affected Versions: BluditCMS version 3.14.1 Description: The issue allows attackers to execute arbitrary code via the Categories Friendly URL, specifically through a Cross Site Scripting vulnerability. This enables attackers to inject malicious scripts into...
CVE-2023-24675
CVE-2023-24675 affects BluditCMS v3.14.1. The vulnerability is a Cross Site Scripting (XSS) flaw reachable via the Categories Friendly URL, enabling an attacker to run arbitrary code in the context of the affected user. Multiple sources (NVD, Red Hat, OSV, CVE listings) confirm the same vulnerab...
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...
Incorrect Default Permissions in Liferay Portal
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
GHSA-5X9H-P2GX-35MG Incorrect Default Permissions in Liferay Portal
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...