Page 4 of 32 results (0.001 seconds)

CVSS: 4.7EPSS: 0%CPEs: 64EXPL: 2

CVE-2019-6588 – Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-6588

03 Jun 2019 — In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. En el Portal Liferay anterior a 7.1 CE GA4, existe una vulnerabilidad de XSS en la API SimpleCaptcha cuando el código personalizado pasa una entrada sin autorizac... • https://packetstorm.news/files/id/153252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-1000425

https://notcve.org/view.php?id=CVE-2017-1000425

02 Jan 2018 — Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en la página /html/portal/flash.jsp en Liferay Portal CE 7.0 GA4 y anteriores permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un URI javascript: en el parámetro "movie". • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •