Lucene search
+L

330 matches found

CVE
CVE
added 2024/02/07 2:57 p.m.84 views

CVE-2024-25145

CVE-2024-25145 describes a stored cross-site scripting (XSS) vulnerability in the Portal Search module’s Search Result app of Liferay Portal 7.2.0–7.4.3.11, and older unsupported versions, plus certain Liferay DXP builds. The issue allows remote authenticated users to inject arbitrary script/HTML...

9.6CVSS5AI score0.00563EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2022/11/15 12:0 p.m.5 views

GHSA-MR77-4PM4-X9VM Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting XSS vulnerability in the Portal Search module before 6.0.12 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag...

6.1CVSS6.2AI score0.00897EPSS
Exploits0References6
NVD
NVD
added 2022/11/15 1:15 a.m.31 views

CVE-2022-42118

A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.1CVSS0.00897EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 12:0 a.m.23 views

CVE-2022-42118

A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.1CVSS5.9AI score0.00897EPSS
Exploits0References4
OSV
OSV
added 2022/10/19 8:28 p.m.5 views

DRUPAL-CONTRIB-2022-059

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups. This vulnerability is mitigated ...

6.2AI score
Exploits0References1
OSV
OSV
added 2022/10/19 12:0 p.m.4 views

GHSA-7F7G-VHFF-MJQJ Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget before 6.0.45 from Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via...

5.4CVSS5.2AI score0.00479EPSS
Exploits0References7
NVD
NVD
added 2022/10/18 9:15 p.m.17 views

CVE-2022-42112

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS0.00479EPSS
Exploits0References1
Prion
Prion
added 2022/10/18 9:15 p.m.23 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

4.9CVSS5.3AI score0.00479EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.2 views

PT-2022-26257 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.24 Liferay DXP 7.2 before fix pack 19 Liferay DXP 7.3 before update 5 Liferay DXP 7.4 before update 25 Description: A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget...

5.4CVSS5.3AI score0.00479EPSS
Exploits0References12
OSV
OSV
added 2022/10/18 12:0 a.m.19 views

CVE-2022-42112

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS5.8AI score0.00479EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.6 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module

In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...

6.1CVSS5.9AI score0.00391EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/09/23 12:0 a.m.5 views

GHSA-7R3W-WGGM-PJWF Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module

In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...

6.1CVSS5.9AI score0.00391EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/09/21 11:22 p.m.28 views

CVE-2022-28979

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...

6.1AI score0.00391EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 5:41 p.m.31 views

Magento Blind SQL Injection in the Search module

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is...

9.1CVSS8AI score0.02772EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/24 5:41 p.m.18 views

GHSA-RJ4F-CP4V-HVCV Magento Blind SQL Injection in the Search module

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is...

9.1CVSS8.1AI score0.02772EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 4:52 p.m.27 views

GHSA-MP9R-RH95-F8F8 Magento 2 Community Edition RCE Vulnerability

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure th...

8.8CVSS8.8AI score0.01954EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/14 3:49 a.m.24 views

eZ Publish Cross-site Scripting (XSS) vulnerability

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...

6.1CVSS6.2AI score0.00679EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/14 3:49 a.m.21 views

GHSA-M98Q-P5GQ-Q5FF eZ Publish Cross-site Scripting (XSS) vulnerability

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...

6.1CVSS6.1AI score0.00679EPSS
Exploits0References5
Snyk
Snyk
added 2022/02/03 7:51 a.m.4 views

Out-of-bounds Read

Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows...

5.3CVSS6.8AI score0.01068EPSS
Exploits1References2
Drupal
Drupal
added 2021/12/08 12:0 a.m.18 views

Search API Pages - Critical - Cross Site Scripting - SA-CONTRIB-2021-046

This module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates. This vulnerability is mitigated by the fact that the default template provided by the module is not affected...

6.7AI score
Exploits0References7
Rows per page
Query Builder