10 matches found
EUVD-2024-0723
Malicious code in bioql PyPI...
CVE-2024-26266
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to stored cross-site scripting. The vulnerability is due to the improper neutralization of input during web page generation which allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name te...
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
GHSA-RWXC-4CMW-7X75 Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
CVE-2024-26266
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
Cross site scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
CVE-2024-26266
CVE-2024-26266 corresponds to multiple stored XSS vulnerabilities in Liferay Portal and Liferay DXP. Affected products/versions include Liferay Portal 7.2.0 through 7.4.3.13, and DXP releases prior to certain fixes, where remote authenticated users can inject arbitrary script/HTML via crafted pay...
CVE-2024-26266
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
PT-2024-21319 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.13 Liferay DXP 7.4 before update 10 Liferay DXP 7.3 before update 4 Liferay DXP 7.2 before fix pack 17 Liferay DXP older unsupported versions Liferay Portal older unsupported versions Description:...