39 matches found

Prion
added 2023/05/24 4:15 p.m. | 11 views

Design/Logic Flaw

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS: 4 | AI score: 4.4 | EPSS: 0.00268
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2023/05/24 3:34 p.m. | 71 views

CVE-2023-33947

CVE-2023-33947 affects Liferay Portal 7.4.3.4–7.4.3.60 and Liferay DXP 7.4 prior to update 61. The vulnerability arises because the Object module does not segment object definitions by virtual instance during search, enabling remote authenticated users in one virtual instance to view definitions ...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00268
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2023/05/24 3:34 p.m. | 9 views

CVE-2023-33947

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS: 2.7 | AI score: 6.8 | EPSS: 0.00268
Exploits: 0 | References: 1

Cvelist
added 2023/05/24 3:34 p.m. | 25 views

CVE-2023-33947

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS: 2.7 | AI score: 4.7 | EPSS: 0.00268
Exploits: 0 | References: 1

CVE
added 2023/05/24 3:28 p.m. | 84 views

CVE-2023-33946

Summary: CVE-2023-33946 affects Liferay Portal 7.4.3.4–7.4.3.48 and Liferay DXP 7.4 before update 49, where the Object module fails to properly isolate objects across different virtual instances. This allows remote authenticated users in one instance to view objects in another via the OAuth 2 sco...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00277
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2023/05/24 3:28 p.m. | 13 views

CVE-2023-33946

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope...

CVSS: 2.7 | AI score: 4.7 | EPSS: 0.00277
Exploits: 0 | References: 1

F5 Networks
added 2023/02/21 6:27 p.m. | 30 views

K8331: OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.00381
Exploits: 0 | Affected Software: 15

OSV
added 2022/10/19 12:0 p.m. | 4 views

GHSA-X43W-XPHX-86W3 Liferay Portal Vulnerable to XSS in the Object Module

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Object Web before 1.0.99 from Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.002
Exploits: 0 | References: 7

Github Security Blog
added 2022/10/19 12:0 p.m. | 2 views

Liferay Portal Vulnerable to XSS in the Object Module

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Object Web before 1.0.99 from Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.002
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2022/10/18 9:15 p.m. | 12 views

CVE-2022-42115

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 2

Prion
added 2022/10/18 9:15 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.002
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/10/18 12:0 a.m. | 11 views

CVE-2022-42115

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field...

AI score: 5.5 | EPSS: 0.002
Exploits: 0 | References: 2

CNNVD
added 2022/10/18 12:0 a.m. | 2 views

Liferay Portal Cross-Site Scripting Vulnerability

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. A security vulnerability exists in Liferay Portal versions...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.002
Exploits: 0 | References: 3

OSV
added 2021/09/30 4:15 p.m. | 2 views

CVE-2021-24017

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...

CVSS: 4.3 | AI score: 5.9
Exploits: 0 | References: 1

OSV
added 2019/06/19 10:15 p.m. | 0 views

CVE-2019-12897

Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1

CNVD
added 2019/03/07 12:0 a.m. | 1 views

Stack Overflow Vulnerability in WPS Office Formula Object Module

WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A heap overflow vulnerability exists in the WPS OFFICE formula object module. An attacker...

AI score: 7.8
Exploits: 0 | References: 1

F5 Networks
added 2008/01/28 12:0 a.m. | 39 views

SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.00381
Exploits: 0

UbuntuCve
added 2007/12/01 6:46 a.m. | 19 views

CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00381
Exploits: 0 | References: 1

Prion
added 2007/12/01 6:46 a.m. | 12 views

Design/Logic Flaw

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

CVSS: 6.4 | AI score: 7 | EPSS: 0.00381
Exploits: 0 | References: 7 | Affected Software: 1