Lucene search
K

4 matches found

Snyk
Snyk
added 2024/10/22 6:32 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the getExcludedPathsJSONArray function, which is populated by the plbackurl parameter in the content page editor. An attacker can perform administrative actions, execute arbitrary code, and alter user...

8.8CVSS7.4AI score0.00342EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/05/17 2:15 a.m.4 views

com.liferay:com.liferay.adaptive.media.web (>=1.0.0 <=1.0.6), com.liferay:com.liferay.amazon.rankings.web (>=1.0.0 <=1.0.14) +128 more potentially affected by CVE-2017-12648 via com.liferay:com.liferay.frontend.taglib (>=1.0.0 <=2.1.0)

com.liferay:com.liferay.frontend.taglib MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.11 and more Source cves: CVE-2017-12648 Source advisory: OSV:GHSA-CM99-X97G-9QX8...

6.1CVSS6.6AI score0.00748EPSS
Exploits3
Veracode
Veracode
added 2022/03/07 10:18 a.m.27 views

Cross-site Scripting (XSS)

Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...

6.1CVSS2.8AI score0.00721EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/03/07 10:8 a.m.35 views

Cross-site Scripting (XSS)

Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in processStartTag function of ManagementToolbarTag.java because the keyword in the search function is not escaped which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS2.8AI score0.01122EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder