4 matches found
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the getExcludedPathsJSONArray function, which is populated by the plbackurl parameter in the content page editor. An attacker can perform administrative actions, execute arbitrary code, and alter user...
com.liferay:com.liferay.adaptive.media.web (>=1.0.0 <=1.0.6), com.liferay:com.liferay.amazon.rankings.web (>=1.0.0 <=1.0.14) +128 more potentially affected by CVE-2017-12648 via com.liferay:com.liferay.frontend.taglib (>=1.0.0 <=2.1.0)
com.liferay:com.liferay.frontend.taglib MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.11 and more Source cves: CVE-2017-12648 Source advisory: OSV:GHSA-CM99-X97G-9QX8...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in processStartTag function of ManagementToolbarTag.java because the keyword in the search function is not escaped which allows an attacker to inject and execute arbitrary javascript...