Lucene search
+L

4 matches found

Snyk
Snyk
added 2025/09/09 3:31 p.m.4 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.portal.workflow.web is a Liferay Portal Workflow Web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom Object label field. An attacker can execute arbitrary JavaScript code in the context of other users by injecting...

5.4CVSS5.3AI score0.002EPSS
Exploits0References2
OSV
OSV
added 2025/09/09 3:31 p.m.10 views

GHSA-RCC7-JX7P-HRV4 Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting

A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...

4.6CVSS6.1AI score0.002EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/01/18 3:40 p.m.32 views

CVE-2024-0408

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

5.5CVSS7.9AI score0.00321EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/04/30 12:0 a.m.54 views

Microsoft Windows 10: Modify an object label

This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. OpenVAS...

0.1AI score
Exploits0
Rows per page
Query Builder