119 matches found
Liferay Portal 7.0.0 < 7.4.3.102 XSS
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
CVE-2024-8980
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
CVE-2024-8980
CVE-2024-8980 is a CSRF flaw in the Script Console of Liferay Portal and Liferay DXP. Affected products/versions include Liferay Portal 7.0.0–7.4.3.101 and Liferay DXP 2023.Q3.1–2023.Q3.4, plus various 7.x release updates (e.g., 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through f...
PT-2024-39349 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 6.2 GA through fix pack 173; Liferay Portal versions 7.0 GA through fix pack 102; Liferay Portal versions 7.0.0 through 7.4.3.101; Liferay DXP versions 7.1 GA through fix pack 28; Liferay DXP versions 7.2 GA through fix pa...
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the '/script'...
Exploit for Code Injection in Provectus Ui
CVE-2023-52251-POC There is a Remote Code Execution vulnerabi...
Exploit for Server-Side Request Forgery in Apache Ofbiz
CVE-2023-51467 Graphical Apache Ofbiz: CVE-2023-51467 – Remo...
Missing Permission Check
org.jenkins-ci.plugins:scriptler is vulnerable to a Missing Permission Check. The vulnerability is due to a missing permission check in an HTTP endpoint which allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
GHSA-4J42-6XFX-H754 Missing permission check in Jenkins Scriptler Plugin
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
Missing permission check in Jenkins Scriptler Plugin
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
Information disclosure
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
PT-2023-4808 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.9; XWiki Platform versions prior to 15.4RC1. Description: The XWiki Platform has a vulnerability related to insufficient access control. This can be exploited for remote code execution by an attacker with...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add Groovy script content. Viewing the document after...
CVE-2023-29527 Code injection from account through AWM view sheet in xwiki platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add Groovy script content. Viewing the document after...
PT-2023-8609 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.3; XWiki Platform versions prior to 15.0-rc-1. Description: The issue allows a user without script or programming rights to edit a user profile or any other document with the wiki editor and add Groovy...