Page 6 of 30 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante una marcador URL. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/47888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un nombre de inicio de sesión, contraseña o dirección de email. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/49833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un título de artículo de Knowledge Base. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/brianchandotcom/liferay-portal/pull/48901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un campo manipulado de redirección a modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://github.com/liferay/liferay-portal/commit/333f65bae9106182d12e02d249d4f95e16e93fa2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. Liferay Portal hasta la versión 6.2.10 permite a usuarios remotos autenticados ejecutar comandos shell arbitrarios a través de una plantilla Velocity manipulada. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates https://github.com/liferay/liferay-portal/commit/90c4e85a8f8135f069f3f05e4d54a77704769f91 https://issues.liferay.com/browse/LPE-14964 https://issues.liferay.com/browse/LPS-64547 https://issues.liferay.com/browse/LPS-7087 • CWE-264: Permissions, Privileges, and Access Controls •