GHSA-22W7-M5F8-87VH Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
PT-2023-23529
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.73; Liferay DXP 7.4 update 70 through 73. Description: A cross-site scripting (XSS) issue exists in the Layout module's SEO configuration, allowing remote attackers to inject arbitrary web script or HT...
Liferay Portal Cross-Site Request Forgery Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social networking and so on. A cross-site request forgery vulnerability exis...
PT-2023-25102 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.76; Liferay DXP 7.4 update 70 through 76. Description: A cross-site request forgery (CSRF) issue in the Layout module's SEO configuration allows remote attackers to execute arbitrary code in the...
Liferay Portal Input Validation Error Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social networking and so on. A security vulnerability exists in Liferay Port...
PT-2023-25100 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.76; Liferay DXP 7.4 update 70 through 76. Description: The issue is related to an open redirect vulnerability in the Layout module's SEO configuration. This vulnerability allows remote attackers to...
CVE-2020-36711
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...
WordPress theme Avada Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Avada version 6.2.3 and prior versions...
PT-2023-12492 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows unauthorized access due to missing capability checks and a missing security nonce in the StmListingSingleLayout::import new layout method. This...
PT-2023-11853 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to and including 6.2.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the update layout function. This allows attackers with...
OESA-2023-1327 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
OESA-2023-1328 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
DRUPAL-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting (XSS) vulnerability. Th...
Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting (XSS) vulnerability. Th...
CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...