11 matches found
Cross-site Scripting (XSS)
Overview com.liferay:com.liferay.portal.workflow.web is a Liferay Portal Workflow Web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom Object label field. An attacker can execute arbitrary JavaScript code in the context of other users by injecting...
CVE-2024-38002
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the currentURL parameter on the Portal Workflow module's edit process page, which is accepted and rendered without sanitization. Details Cross-site scripting or XSS is a code vulnerability that occurs when a...
GHSA-W28V-87G6-CJR6 Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
CVE-2021-33333
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
CVE-2021-33333
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
CVE-2021-29049
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
CVE-2021-29049
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
CVE-2021-29049
Cross-site scripting XSS vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
PT-2021-18047 · Liferay · Liferay Dxp
Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 7.0 through 7.0 before fix pack 99 Liferay DXP versions 7.1 through 7.1 before fix pack 23 Liferay DXP versions 7.2 through 7.2 before fix pack 12 Liferay DXP versions 7.3 through 7.3 before fix pack 1 Description: A...