GHSA-J663-6JPJ-XX8C Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components

Multiple stored cross-site scripting XSS vulnerabilities in the fragment components before 3.0.25 from Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field o...

Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009

The Prepopulate module allows form fields to be pre-populated in the request. The Prepopulate module does not adequately prevent a user from overwriting arbitrary parts of $REQUEST. It also does not prevent pre-populating certain fields that are not displayed or manipulating markup fields to alte...