7 matches found
Embedded Malicious Code
Overview @emilgroup/partner-portal-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released ...
Malicious code in @vienna_cancer_center_portal/js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76d15de3b0c984f8b9b8795e5bacb7604de14c2808edf0b4bd7f280c5d82db9 The package @viennacancercenterportal/js was found to contain malicious code. Source: ghsa-malware...
Cross-site Scripting (XSS)
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the googlegadget process. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a malicious...
Authorization Bypass Through User-Controlled Key
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...
Information Exposure
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Information Exposure via the calendar implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which ma...
Malicious code in soho-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7356090e46fa1891319a6c9ed7748c7533888fe401101bb152a9517f6a8a7283 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM API Connect's Developer Portal(V5) is impacted by a a confidential information leak(CVE-2019-4600)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4600 DESCRIPTION: IBM API Connect could reveal sensitive information to an attacker using a specially crafted HTTP request. CVSS Base Score: 5.3 CVSS Temporal Score: See for the current score...