Page 6 of 37 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-42127

https://notcve.org/view.php?id=CVE-2022-42127

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. El módulo URL Amigables en Liferay Portal v7.4.3.5 a 7.4.3.36 y Liferay DXP 7.4 actualizaciones 1 a 36 no verifica adecuadamente los permisos de usuario, lo que permite a atacantes remotos obtener el historial de todas las URL amigables que se asignaron a una página. • http://liferay.com https://issues.liferay.com/browse/LPE-17607 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42127 • CWE-276: Incorrect Default Permissions •

CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 1

CVE-2022-38901

https://notcve.org/view.php?id=CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el módulo Document and Media - funcionalidad de descarga de archivos en Liferay Digital Experience Platform versión 7.3.10 SP3, permite a atacantes remotos inyectar scripts JS o HTML arbitrarias en el campo description del archivo svg descargado • http://liferay.com https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-42113

https://notcve.org/view.php?id=CVE-2022-42113

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo Document Library de Liferay Portal versiones 7.4.3.30 hasta 7.4.3.36, y Liferay DXP versiones 7.4 update 30 hasta update 36, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del parámetro "redirect" • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

CVE-2022-42114

https://notcve.org/view.php?id=CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de tipo Cross-site scripting (XSS) en la página de edición de asignados de roles del módulo Role en Liferay Portal versiones 7.4.0 hasta 7.4.3.36, y Liferay DXP versiones 7.4 anteriores a update 37, permite a atacantes remotos inyectar script web o HTML arbitrarios • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0

CVE-2022-42116

https://notcve.org/view.php?id=CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter. Una vulnerabilidad de Cross-site scripting (XSS) en la integración del módulo Frontend Editor con CKEditor en Liferay Portal versiones 7.3.2 hasta 7.4.3.14, y Liferay DXP versiones 7.3 anteriores a update 6, y versiones 7.4 anteriores a update 15, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del parámetro (1) name, o (2) namespace • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •