CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 1CVE-2020-13445
https://notcve.org/view.php?id=CVE-2020-13445
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. En Liferay Portal versiones anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 6, la API de plantilla no restringe el acceso del usuario a objetos confidenciales, lo que permite a usuarios autenticados remotos ejecutar código arbitrario por medio de plantillas FreeMarker y Velocity diseñadas • https://issues.liferay.com/browse/LPE-17023 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411 https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7934 – LifeRay 7.2.1 GA2 - Stored XSS
https://notcve.org/view.php?id=CVE-2020-7934
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1. En LifeRay Portal CE versiones 7.1.0 hasta 7.2.1 GA2, los campos First Name, Middle Name, y Last Name para las cuentas de usuario en MyAccountPortlet son vulnerables a un problema de tipo XSS persistente. • https://www.exploit-db.com/exploits/49091 https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934 http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html https://semanticbits.com/liferay-portal-authenticated-xss-disclosure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •