CVE-2017-12646
https://notcve.org/view.php?id=CVE-2017-12646
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un nombre de inicio de sesión, contraseña o dirección de email. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/49833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12647
https://notcve.org/view.php?id=CVE-2017-12647
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un título de artículo de Knowledge Base. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/48901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10404
https://notcve.org/view.php?id=CVE-2016-10404
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un campo manipulado de redirección a modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/liferay/liferay-portal/commit/333f65bae9106182d12e02d249d4f95e16e93fa2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-5327
https://notcve.org/view.php?id=CVE-2010-5327
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. Liferay Portal hasta la versión 6.2.10 permite a usuarios remotos autenticados ejecutar comandos shell arbitrarios a través de una plantilla Velocity manipulada. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates https://github.com/liferay/liferay-portal/commit/90c4e85a8f8135f069f3f05e4d54a77704769f91 https://issues.liferay.com/browse/LPE-14964 https://issues.liferay.com/browse/LPS-64547 https://issues.liferay.com/browse/LPS-7087 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-3670 – Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field. Vulnerabilidad de XSS en users.jsp en la funcionalidad Profile Search functionality en Liferay en versiones anteriores a 7.0.0 CE RC1 permite a atacantes remotos inyectar comandos web o HTML arbitrarios a través del campo FirstName. Liferay CE versions prior to 6.2 CE GA6 suffer from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/39880 http://packetstormsecurity.com/files/137279/Liferay-CE-Stored-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2016/Jun/5 http://www.securitytracker.com/id/1036083 https://issues.liferay.com/browse/LPS-62387 https://labs.integrity.pt/advisories/cve-2016-3670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •