3 matches found
Reflected Cross Site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter, which allows an attacker to inject and execute arbitra...
Open Redirect
com.liferay.portal, release.dxp.bom is vulnerable to Open Redirect. The vulnerability is caused due to allowing user supplied input in URLs as a redirect target and not sanitizing the user supplied input in the adaptive media administration page. This allows remote attackers to redirect users to...
Privilege Escalation
com.liferay.portal is vulnerable to privilege escalation. Remote authenticated attackers are able to gain access to view sensitive user information by accessing a list of sites and groups via the site membership assignment UI, due to improper validations of user permissions...