Bagisto 跨站脚本漏洞

Bagisto is an open source e-commerce framework open sourced by Webkul Software in India. A cross-site scripting vulnerability exists in Bagisto versions prior to 2.3.10, which stems from the presence of stored cross-site scripting in the CMS page editor, which could lead to account takeover...

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to 1 change user...

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

PT-2024-21325 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.107 Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 Liferay DXP versions 2023.Q3.1 through 2023.Q3.5 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 GA through update 35 Description: A...