12 matches found
EUVD-2024-3606
Malicious code in bioql PyPI...
CVE-2025-43789
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed...
CVE-2025-43789
The CVE-2025-43789 issue affects Liferay Portal/Liferay DXP: JSON Web Services in Liferay Portal 7.4.0–7.4.3.119 and Liferay DXP 2024.Q1.1–2024.Q1.9 (7.4 GA through update 92 published to OSGi) are registered and invoked directly as classes, enabling Service Access Policies to be executed. Root c...
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
GHSA-PX38-239G-X5MG Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2023-37940
This CVE refers to a Cross-site Scripting (XSS) vulnerability in the Service Access Policy edit page of Liferay Portal and Liferay DXP. A crafted payload placed in the Service Class field can inject script/HTML, affecting Liferay Portal versions 7.0.0–7.4.3.87 and Liferay DXP 7.4 GA–update 87, an...
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
PT-2024-12668 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.0 through 7.4.3.87 Liferay DXP versions 7.4 GA through update 87 Liferay DXP versions 7.3 GA through update 29 Description: A cross-site scripting XSS issue in the edit Service Access Policy page allows remote...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exis...