Lucene search
K

4 matches found

OSV
OSV
added 2022/05/24 5:7 p.m.76 views

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

5.4CVSS5.7AI score0.04457EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:7 p.m.17 views

Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

5.4CVSS5.7AI score0.04457EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2020/01/28 2:15 p.m.29 views

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...

5.4CVSS5.7AI score0.04457EPSS
Exploits3References3
Cvelist
Cvelist
added 2020/01/28 1:3 p.m.42 views

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...

5.2AI score0.04457EPSS
Exploits3References3
Rows per page
Query Builder