41 matches found
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26484
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...
CVE-2021-29048
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2022-24822
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an invalid block device dereference that is not handled correctly in the nfs/blocklayout module, resulting i...
GHSA-QV4X-V2V4-F8P9 Withdrawn Advisory: Kirby CMS HTML injection vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vendor reports that some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Original Advisory An HTML injection...
BIT-LIFERAY-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...
Cross-site Scripting (XSS)
com.liferay.layout.seo.web is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of validation of the URLs in the layout module's SEO configuration, which allows an attacker to inject and execute malicious JavaScript or HTML via the...
Open Redirect
com.liferay.layout.seo.web is vulnerable to Open Redirect. The vulnerability exists due to the lack of validation in the backURL parameter in the layout module's SEO configuration, which allows an attacker to redirect users to malicious external URLs via the...
Liferay DXP 7.4.13.70 < 7.4.13.74 XSS
The detected install of Liferay DXP is between 7.4.13.70 and 7.4.13.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.13.70 through 7.4.13.73, which allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal CE 7.4.3.70 < 7.4.3.74 XSS
The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, which allows remote attackers to inject arbitrary web script or HT...
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter...
GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...
GHSA-P2FC-XXR8-FW3P Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration of the Layout module. An attacker can cause users to be redirected to arbitrary external URLs by tricking them into clickin...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration of the Layout module. An attacker can cause users to be redirected to arbitrary external URLs by tricking them into clickin...
GHSA-22W7-M5F8-87VH Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter...