NotCVE - vendor:"Liferay" product:"Liferay Portal" version:" >= 7.4.3.4 <= 7.4.3.48"

Page 5 of 44 results (0.015 seconds)

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-28982

https://notcve.org/view.php?id=CVE-2022-28982

21 Sep 2022 — A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag. Una vulnerabilidad de tipo cross-site scripting (XSS) en Liferay Portal versiones v7.3.3 hasta v7.4.2 y Liferay DXP versiones v7.3 anteriores a service pack 3 permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el n... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

CVE-2022-39975

https://notcve.org/view.php?id=CVE-2022-39975

21 Sep 2022 — The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. El módulo Layout en Liferay Portal versiones v7.3.3 hasta v7.4.3.34, y Liferay DXP versiones 7.3 anteriores a update 10, y 7.4 anteriores a update 35, no comprueba el permiso del usuario antes de mostrar la vista pre... • http://liferay.com • CWE-862: Missing Authorization •

CVSS: 6.4EPSS: 0%CPEs: 46EXPL: 0

CVE-2022-28979

https://notcve.org/view.php?id=CVE-2022-28979

21 Sep 2022 — Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. Se ha detectado que Liferay Portal versioens v7.1.0 hasta v7.4.2 y Liferay DXP versiones 7.1 antes del fix pac... • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25146

https://notcve.org/view.php?id=CVE-2022-25146

02 Mar 2022 — The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. El módulo Remote App en Liferay Portal Liferay Portal v7.4.3.4 hasta v7.4.3.8 y Liferay DXP 7.4 antes de la actualización 5 no comprueba si el origen de los mensajes de evento que recibe coincide con el origen de la Remot... • http://liferay.com • CWE-346: Origin Validation Error •

1...3 4 5