3 matches found
GHSA-3CM9-JRF5-H2CX Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses fr...
EUVD-2017-14950
Malware in sbrugna...
Cross site scripting
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...