6 matches found
Liferay Portal 7.4.x < 7.4.3.102 XSS
The version of Liferay Portal installed on the remote host is prior to 7.4.3.102. It is, therefore, affected by a vulnerability as referenced in the advisory. - Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay...
GHSA-Q2CV-7J58-RFMJ Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...
CVE-2023-47795
Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...
Liferay Portal denial of service (memory consumption)
The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote...
GHSA-87M3-6QJ3-P3XH Liferay Portal denial of service (memory consumption)
The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote...
CVE-2024-25143
CVE-2024-25143 affects Liferay Portal 7.2.0–7.3.6 and Liferay DXP 7.3 before SP3, and 7.2 before FP13; the issue arises when generating previews for Document and Media widgets, where resource consumption is not limited, leading to possible DoS via crafted PNG images. Exploitation status is not de...