10 matches found
CVE-2021-33332
Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...
EUVD-2014-3430
Malware in sbrugna...
com.liferay:com.liferay.css.builder (>=1.0.8 <=1.0.14), com.liferay:com.liferay.deployment.helper (>=1.0.0 <=1.0.2) +8 more potentially affected by CVE-2022-41414 via com.liferay.portal:portal-impl (=7.0.0-nightly)
com.liferay.portal:portal-impl MAVEN version =7.0.0-nightly is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay.portal:portal-impl and may be impacted: - com.liferay:com.liferay.css.builder =1.0.8, =1.0.0, =1.0.6, =1.0.3, =1.0.3, =1.0.47,...
CVE-2021-33332
Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2021-33332
Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2021-33327
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
CVE-2021-33327
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
Design/Logic Flaw
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
CVE-2021-33327
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
CVE-2014-3417
CVE-2014-3417 affects uPortal before 4.0.13.1. The issue is an improper check of the CONFIG permission, allowing remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. The description implies a fix in 4.0.13.1; no exploitation details or in-the-wild...