4 matches found
Cross-site Scripting (XSS)
Overview com.liferay:com.liferay.portal.workflow.web is a Liferay Portal Workflow Web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom Object label field. An attacker can execute arbitrary JavaScript code in the context of other users by injecting...
GHSA-RCC7-JX7P-HRV4 Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...
CVE-2024-0408
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...
Microsoft Windows 10: Modify an object label
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. OpenVAS...