357 matches found
Liferay Profile Widget does not prevent vCard extension spoofing
The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
EUVD-2025-32592
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
HTTP Response Splitting
Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...
GHSA-PFXJ-GVQG-MJ44 Liferay Profile Widget does not prevent vCard extension spoofing
The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...
EUVD-2009-3751
Malware in sbrugna...
EUVD-2005-4762
Malware in sbrugna...
EUVD-2008-6735
Malware in sbrugna...
EUVD-2019-6851
Malware in sbrugna...
EUVD-2005-3331
Malware in sbrugna...
EUVD-2019-8360
Malware in sbrugna...
EUVD-2015-5338
Malware in sbrugna...
EUVD-2003-0099
Malware in sbrugna...
EUVD-2004-1821
Malware in sbrugna...
EUVD-2005-2550
Malware in sbrugna...
EUVD-2010-4085
Malware in sbrugna...
EUVD-2006-1360
Malware in sbrugna...
EUVD-2006-1234
Malware in sbrugna...
EUVD-2005-1803
Malware in sbrugna...
EUVD-2006-2807
Malware in sbrugna...
CVE-2025-43824
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...