19 matches found
EUVD-2021-22105
Malware in sbrugna...
Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module
A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
GHSA-G6R2-6X46-JPP6 Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module
A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
GHSA-9H7F-5HC8-CJ5F Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
com.liferay:com.liferay.adaptive.media.web (>=1.0.0 <=1.0.6), com.liferay:com.liferay.amazon.rankings.web (>=1.0.0 <=1.0.14) +128 more potentially affected by CVE-2017-12648 via com.liferay:com.liferay.frontend.taglib (>=1.0.0 <=2.1.0)
com.liferay:com.liferay.frontend.taglib MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.11 and more Source cves: CVE-2017-12648 Source advisory: OSV:GHSA-CM99-X97G-9QX8...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...
Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting XSS vulnerability via the keywords parameter under the Frontend Taglib module before 7.1.15...
GHSA-9536-M86R-Q297 Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting XSS vulnerability via the keywords parameter under the Frontend Taglib module before 7.1.15...
CVE-2021-38264
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
Cross site scripting
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exists in...
CVE-2021-35463
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...