Page 4 of 81 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de Cross-Site Scripring (XSS) en el módulo Announcements en Liferay Portal 7.1.0 a 7.4.2 y Liferay DXP 7.1 antes del fix pack 27, 7.2 antes del fix pack 17 y 7.3 antes del service pack 3 permite a atacantes remotos inyectar script web arbitrario o HTML. • https://issues.liferay.com/browse/LPE-17403 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 52EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el widget Sort del módulo Portal Search en Liferay Portal versiones 7.2.0 hasta 7.4.3.24, y Liferay DXP 7.2 versiones anteriores a fix pack 19, 7.3 anteriores a update 5, y DXP versiones 7.4 anteriores a update 25, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio de una carga útil diseñada • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. Un fallo no seguro en el componente auth.login.prompt.enabled de Liferay Portal versiones v7.0.0 hasta v7.4.2, permite a atacantes enumerar nombres de usuarios, nombres de sitios y páginas • https://portal.liferay.dev/learn/security/known-vulnerabilities • CWE-276: Incorrect Default Permissions •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Liferay Portal versión v7.4.3.4 y Liferay DXP versión v7.4 GA, permiten a atacantes ejecutar scripts web o HTML arbitrarios por medio de parámetros con el prefijo filter_ • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 116EXPL: 0

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name. Una vulnerabilidad de tipo cross-site scripting (XSS) Almacenado en la página de administración de la membresía del usuario del módulo Site en Liferay Portal versiones 7.0.1 hasta 7.4.1, y Liferay DXP versión 7.0 versiones anteriores a fix pack 102, 7.1 anteriores a fix pack 26, 7.2 anteriores a fix pack 15, y 7.3 anteriores a service pack 3, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del nombre de un usuario • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •