Lucene search
K

11 matches found

OSV
OSV
added 2024/01/31 3:19 p.m.20 views

BIT-LIFERAY-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS5.1AI score0.00338EPSS
Exploits0References3
NVD
NVD
added 2023/05/24 1:15 p.m.31 views

CVE-2023-33937

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

5.4CVSS5.2AI score0.00446EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/11/15 12:0 p.m.5 views

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module

A Cross-site scripting XSS vulnerability in the Announcements module before 6.0.11 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00562EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2022/11/15 2:15 a.m.16 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS0.00338EPSS
Exploits0References3
NVD
NVD
added 2022/11/15 1:15 a.m.31 views

CVE-2022-42118

A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.1CVSS0.0115EPSS
Exploits0References3
OSV
OSV
added 2022/11/15 12:15 a.m.21 views

CVE-2022-42110

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00562EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 12:15 a.m.20 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

5.8CVSS6.1AI score0.00562EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.29 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

5.4AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/25 3:41 p.m.24 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.2AI score0.00681EPSS
Exploits0References1
OSV
OSV
added 2021/08/04 1:15 p.m.32 views

CVE-2021-33336

Cross-site scripting XSS vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

5.4CVSS5.9AI score0.00675EPSS
Exploits0References2
OSV
OSV
added 2021/05/17 12:15 p.m.18 views

CVE-2021-29051

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder