Lucene search
K

4 matches found

Veracode
Veracode
added 2025/11/19 10:5 a.m.6 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the asset author’s First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...

5.4CVSS6AI score0.00205EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2025/11/01 3:30 a.m.9 views

com.liferay:com.liferay.adaptive.media.blogs.item.selector.web (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-62275 via com.liferay:com.liferay.blogs.item.selector.web (=2.0.0)

com.liferay:com.liferay.blogs.item.selector.web MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.blogs.item.selector.web and may be impacted: - com.liferay:com.liferay.adaptive.media.blogs.item.selector.web...

6.9CVSS5.8AI score0.00267EPSS
Exploits0
Snyk
Snyk
added 2025/11/01 3:30 a.m.4 views

Missing Authorization

Overview com.liferay:com.liferay.blogs.item.selector.web is a Liferay Blogs Item Selector Web Affected versions of this package are vulnerable to Missing Authorization via insufficient permission checks in the BlogsItemSelectorViewDisplayContext class, when handling image access. An attacker can...

6.9CVSS6.8AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/31 9:31 p.m.2 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.dynamic.data.mapping.item.selector.web is a Liferay Dynamic Data Mapping Item Selector Web Affected versions of this package are vulnerable to Cross-site Scripting XSS via the select structure page when processing user input in the First Name, Middle Name, or Last...

6.1CVSS5.5AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder