Lucene search
K

7 matches found

cnnvd
cnnvd
added 2023/10/17 12:0 a.m.5 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

9CVSS5.7AI score0.02239EPSS
Exploits1References2
nvd
nvd
added 2023/05/24 1:15 p.m.31 views

CVE-2023-33937

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

5.4CVSS5.2AI score0.00446EPSS
Exploits0References1
github
github
added 2022/11/15 12:0 p.m.7 views

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module

A Cross-site scripting XSS vulnerability in the Announcements module before 6.0.11 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00562EPSS
Exploits0References5Affected Software2
prion
prion
added 2022/11/15 12:15 a.m.21 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

5.8CVSS6.1AI score0.00562EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added 2022/11/15 12:0 a.m.36 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

5.4AI score0.00243EPSS
Exploits0References2
osv
osv
added 2022/11/14 12:0 a.m.21 views

CVE-2022-42110

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00562EPSS
Exploits0References4
cvelist
cvelist
added 2022/04/25 3:41 p.m.26 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.2AI score0.00697EPSS
Exploits0References1
Rows per page
Query Builder