Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before...

GHSA-7M65-HMVG-RXPC Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

PT-2022-19338 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.1 through 7.4.1 Liferay DXP 7.0 before fix pack 102 Liferay DXP 7.1 before fix pack 26 Liferay DXP 7.2 before fix pack 15 Liferay DXP 7.3 before service pack 3 Description: A stored cross-site scripting XSS issue i...

CVE-2021-29044

Cross-site scripting XSS vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary w...

CVE-2007-1033

CVE-2007-1033 affects the Drupal Secure site module (versions 4.7.x-1.x-dev and 5.x-1.x-dev). The issue permits remote attackers to bypass access restrictions by requesting a crafted URL, enabling partial confidentiality/integrity/availability impact as indicated by the CVSS vector (AV:N/AC:L/Au:...