24 matches found
EUVD-2023-39067
Malicious code in bioql PyPI...
EUVD-2023-43871
Malicious code in bioql PyPI...
EUVD-2023-39066
Malicious code in bioql PyPI...
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Cross-site Scripting (XSS)
com.liferay.layout.seo.web is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of validation of the URLs in the layout module's SEO configuration, which allows an attacker to inject and execute malicious JavaScript or HTML via the...
Open Redirect
com.liferay.layout.seo.web is vulnerable to Open Redirect. The vulnerability exists due to the lack of validation in the backURL parameter in the layout module's SEO configuration, which allows an attacker to redirect users to malicious external URLs via the...
Liferay DXP 7.4.13.70 < 7.4.13.74 XSS
The detected install of Liferay DXP is between 7.4.13.70 and 7.4.13.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.13.70 through 7.4.13.73, which allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal CE 7.4.3.70 < 7.4.3.74 XSS
The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.73. It is therefore affected by a Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, which allows remote attackers to inject arbitrary web script or HT...
Liferay Portal CE 7.4.3.70 < x < 7.4.3.77 Multiple vulnerabilities
The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.76. It is therefore affected by multiple vulnerabilities: - Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76 allows remote attackers to execute...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary code by tricking a user into performing actions through crafte...
GHSA-QXF6-MP24-52CV Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration process. An attacker can execute arbitrary code by tricking a user into performing actions through crafte...
GHSA-22W7-M5F8-87VH Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...
Open redirect
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter...