60 matches found
CVE-2023-53932 Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...
Improper Access Control
com.liferay, com.liferay.blogs.item.selector.web is vulnerable to improper access control. The vulnerability is due to missing permission checks on blog entry images, which allows an attacker to access and view images via a crafted URL...
EUVD-2008-3314
Malware in sbrugna...
EUVD-2005-3103
Malware in sbrugna...
EUVD-2006-2247
Malware in sbrugna...
EUVD-2012-3966
Malware in sbrugna...
EUVD-2017-15070
Malware in sbrugna...
Malicious code in @seo-frontend-components/card-blog-entry (npm)
Source: ossf-package-analysis (12425fa8db62cc4b037b603cc3bd493ff000753ccaaa641ff23788b57484698d). The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-entry' @ 1.999.0 npm as malicious. It is considered maliciou...
CVE-2024-25610
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...
PT-2024-21040 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.12; Liferay DXP 7.4 before update 9; Liferay DXP 7.3 before update 4; Liferay DXP 7.2 before fix pack 19. Description: The default configuration does not sanitize blog entries of JavaScript, which allow...
Cross-Site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation when editing a blog entry, which allows an attacker to modify the name of the uploaded images and execute arbitrary JavaScript...
Remote code execution
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...
GHSA-R39X-3QQ4-GXMR Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...
PT-2022-10707 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.3.6; Liferay DXP 7.3 before fix pack 2. Description: A cross-site scripting (XSS) issue exists in the Blogs module's edit blog entry page, allowing remote attackers to inject arbitrary web script or HTML vi...
CVE-2021-42306
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the...
Information disclosure
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the...
Azure Active Directory Information Disclosure Vulnerability
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the...
Information Disclosure
Moodle is vulnerable to information disclosure. A malicious user can read a non-public file if it is referenced in a public blog entry...