19 matches found
EUVD-2019-16147
Malware in sbrugna...
EUVD-2021-15693
Malware in sbrugna...
GHSA-HWP2-GVM5-452F Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...
Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...
CVE-2021-29047
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer...
Code injection
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer...
CVE-2021-29047
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer...
CVE-2021-29047
The CVE-2021-29047 issue affects Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1, where SimpleCaptcha does not invalidate CAPTCHA answers after use. This allows remote attackers to reuse a previously solved CAPTCHA to perform actions protected by CAPTCHA, effectively bypassing t...
Liferay Portal 授权问题漏洞
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. A security vulnerability exists in Liferay Enterprise...
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” /...
Liferay Portal 7.1 CE GA4 Cross Site Scripting
Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” / JSP taglib, appending a payload like the following to...
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code...
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” / JSP taglib, appending a payload like the following to...
Liferay Portal Cross-Site Scripting Vulnerability (CNVD-2019-16545)
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies , and can be used as a Web publishing and sharing workspaces , enterprise collaboration platforms , social networks and so on. A cross-site scripting vulnerability exists ...
CVE-2019-6588
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...
CVE-2019-6588
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...
Cross site scripting
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...
CVE-2019-6588
In CVE-2019-6588, Liferay Portal versions prior to 7.1 CE GA4 are vulnerable via the SimpleCaptcha API. The XSS occurs when unsanitized input is passed into the url parameter of the JSP taglibs or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. The vulnerabilit...
CVE-2019-6588
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...