4 matches found
Stored Cross-site Scripting (XSS)
com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the asset author’s First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...
com.liferay:com.liferay.adaptive.media.blogs.item.selector.web (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-62275 via com.liferay:com.liferay.blogs.item.selector.web (=2.0.0)
com.liferay:com.liferay.blogs.item.selector.web MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.blogs.item.selector.web and may be impacted: - com.liferay:com.liferay.adaptive.media.blogs.item.selector.web...
Missing Authorization
Overview com.liferay:com.liferay.blogs.item.selector.web is a Liferay Blogs Item Selector Web Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the BlogsItemSelectorViewDisplayContext class, when handling image access. An attacker can...
Cross-site Scripting (XSS)
Overview com.liferay:com.liferay.dynamic.data.mapping.item.selector.web is a Liferay Dynamic Data Mapping Item Selector Web Affected versions of this package are vulnerable to Cross-site Scripting XSS via the select structure page when processing user input in the First Name, Middle Name, or Last...