14 matches found
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
Cross-site Scripting (XSS)
com.liferay.client.extension.type.impl is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the IFrame-type remote apps in the library because it does not properly escape the URL fields, which allows an attacker to inject and execute malicious JavaScript through the remote app's...
Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
GHSA-X82Q-MR23-27JC Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
CVE-2023-33940
CVE-2023-33940 affects Liferay Portal 7.4.0–7.4.3.30 and Liferay DXP 7.4 prior to update 31. The vulnerability is a cross-site scripting (XSS) flaw in the IFrame type Remote Apps, allowing an attacker to inject arbitrary script/HTML via the Remote App's IFrame URL. Mitigation: upgrade to Liferay ...
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...
PT-2023-24582
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.30; Liferay DXP 7.4 before update 31. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL in IFrame type Remote...
Samsung Exynos kernel exploit offer Root without Flashing
A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There's both good and bad news with this exploit, so head down below for more details on this newfound glory. This exploit affects a number of Samsung-made devices,...
JDK: unspecified vulnerability fixed in 6u29 (Swing)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...
OpenJDK Swing timer-based security manager bypass (6907662)
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, an...