16 matches found
GHSA-44JG-JGJX-3XG5 Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...
CVE-2024-25603
Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...
CVE-2024-25603
Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...
Cross site scripting
Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PowerJob Command Execution Vulnerability
PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A command execution vulnerability exists in PowerJob version 4.3.3, which stems from the parameter instanceId of /instance/detail failing to properl...
GHSA-2H26-QFXM-R3PQ Code injection in PowerJob
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
Code injection in PowerJob
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
CVE-2023-37754 affects PowerJob v4.3.3. The vulnerability is a remote command execution (RCE) via the instanceId parameter in the /instance/detail endpoint. The root cause is improper validation/filtering of constructor commands in the instanceId input, enabling arbitrary code/command execution o...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...
System Center 2012 Operations Manager SP1 Update Rollup 5
System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...
ownCloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for owncloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
Nextcloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...