Lucene search
+L

6 matches found

nessus
nessus
added 2024/02/23 12:0 a.m.28 views

Liferay Portal 7.4.x < 7.4.3.102 XSS

The version of Liferay Portal installed on the remote host is prior to 7.4.3.102. It is, therefore, affected by a vulnerability as referenced in the advisory. - Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay...

9CVSS8.1AI score0.00614EPSS
Exploits0References2
osv
osv
added 2024/02/21 3:30 p.m.37 views

GHSA-Q2CV-7J58-RFMJ Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting

Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...

9CVSS6.1AI score0.00614EPSS
Exploits0References3
cvelist
cvelist
added 2024/02/21 2:1 p.m.20 views

CVE-2023-47795

Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...

9CVSS7.3AI score0.00614EPSS
Exploits0References1
github
github
added 2024/02/07 3:30 p.m.15 views

Liferay Portal denial of service (memory consumption)

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote...

6.5CVSS6.8AI score0.00691EPSS
Exploits0References6Affected Software1
osv
osv
added 2024/02/07 3:30 p.m.38 views

GHSA-87M3-6QJ3-P3XH Liferay Portal denial of service (memory consumption)

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote...

7.1CVSS6.1AI score0.00691EPSS
Exploits0References6
cve
cve
added 2024/02/07 2:45 p.m.60 views

CVE-2024-25143

CVE-2024-25143 affects Liferay Portal 7.2.0–7.3.6 and Liferay DXP 7.3 before SP3, and 7.2 before FP13; the issue arises when generating previews for Document and Media widgets, where resource consumption is not limited, leading to possible DoS via crafted PNG images. Exploitation status is not de...

6.5CVSS6.1AI score0.00691EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder