3 matches found
LifeRay 7.2.1 GA2 Cross Site Scripting
Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS Date: 10/05/2020 Exploit Author: 3ndG4me Vendor Homepage: https://www.liferay.com/ Software Link: https://www.liferay.com/ Version: 7.1.0 - 7.2.1 GA2 REQUIRED Tested on: Debian Linux CVE : CVE-2020-7934 Public Exploit/Whitepaper:...
LifeRay 7.2.1 GA2 - Stored XSS
Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS Date: 10/05/2020 Exploit Author: 3ndG4me Vendor Homepage: https://www.liferay.com/ Software Link: https://www.liferay.com/ Version: 7.1.0 - 7.2.1 GA2 REQUIRED Tested on: Debian Linux CVE : CVE-2020-7934 Public Exploit/Whitepaper:...
CVE-2020-7934
The CVE-2020-7934 entry describes a stored XSS vulnerability in LifeRay Portal CE 7.1.0–7.2.1 GA2, specifically in the MyAccountPortlet where First Name, Middle Name, and Last Name fields can be altered by an attacker and the payload is stored in the database. The malicious data is rendered when ...