CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 1CVE-2020-13445
https://notcve.org/view.php?id=CVE-2020-13445
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. En Liferay Portal versiones anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 6, la API de plantilla no restringe el acceso del usuario a objetos confidenciales, lo que permite a usuarios autenticados remotos ejecutar código arbitrario por medio de plantillas FreeMarker y Velocity diseñadas • https://issues.liferay.com/browse/LPE-17023 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411 https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 12CVE-2020-7961 – Liferay Portal Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Una Deserialización de Datos No Confiables en Liferay Portal versiones anteriores a 7.2.1 CE GA2, permite a atacantes remotos ejecutar código arbitrario por medio de los servicios web JSON (JSONWS). Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. • https://www.exploit-db.com/exploits/48332 https://github.com/mzer0one/CVE-2020-7961-POC https://github.com/ShutdownRepo/CVE-2020-7961 https://github.com/CrackerCat/CVE-2020-7961-Mass https://github.com/shacojx/LifeRCEJsonWSTool-POC-CVE-2020-7961-Gui https://github.com/shacojx/POC-CVE-2020-7961-Token-iterate https://github.com/shacojx/GLiferay-CVE-2020-7961-golang https://github.com/thelostworldFree/CVE-2020-7961-payloads https://github.com/manrop2702/CVE-2020-7961 https://githu • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7934 – LifeRay 7.2.1 GA2 - Stored XSS
https://notcve.org/view.php?id=CVE-2020-7934
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1. En LifeRay Portal CE versiones 7.1.0 hasta 7.2.1 GA2, los campos First Name, Middle Name, y Last Name para las cuentas de usuario en MyAccountPortlet son vulnerables a un problema de tipo XSS persistente. • https://www.exploit-db.com/exploits/49091 https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934 http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html https://semanticbits.com/liferay-portal-authenticated-xss-disclosure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 75EXPL: 3CVE-2019-16891
https://notcve.org/view.php?id=CVE-2019-16891
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. Liferay Portal CE versión 6.2.5, permite la ejecución de comandos remota debido a la deserialización de una carga útil JSON. • https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from https://sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4 https://www.liferay.com/downloads-community https://www.youtube.com/watch?v=DjMEfQW3bf0 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16147
https://notcve.org/view.php?id=CVE-2019-16147
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. Liferay Portal versiones hasta 7.2.0 GA1, permite un ataque de tipo XSS por medio de un título de artículo de revista en el archivo journal_article/page.jsp en journal/journal-taglib. • https://github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •