GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

PT-2024-5211 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q2 10.1.24.709 Description: The issue is related to an insecure deserialization vulnerability in the Telerik Report Server, which can be exploited to allow a remote attacker to execute...

PT-2024-37876 · National Instruments · Ni Veristand

Name of the Vulnerable Software and Affected Versions: NI VeriStand versions 2024 Q2 and prior Description: The issue is related to missing authorization checks when accessing File Transfer resources, potentially leading to information disclosure or remote code execution. Recommendations: For NI...

PT-2024-29683 · Progress · Telerik Reporting

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Reporting versions prior to 2024 Q2 18.1.24.2.514 Description: A code execution attack is possible by a local threat actor through an insecure deserialization vulnerability, allowing for potential exploitation...