Page 6 of 84 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de Cross-Site Scripring (XSS) en el módulo Announcements en Liferay Portal 7.1.0 a 7.4.2 y Liferay DXP 7.1 antes del fix pack 27, 7.2 antes del fix pack 17 y 7.3 antes del service pack 3 permite a atacantes remotos inyectar script web arbitrario o HTML. • https://issues.liferay.com/browse/LPE-17403 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 1

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el módulo Document and Media - funcionalidad de descarga de archivos en Liferay Digital Experience Platform versión 7.3.10 SP3, permite a atacantes remotos inyectar scripts JS o HTML arbitrarias en el campo description del archivo svg descargado • http://liferay.com https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter. Una vulnerabilidad de Cross-site scripting (XSS) en la integración del módulo Frontend Editor con CKEditor en Liferay Portal versiones 7.3.2 hasta 7.4.3.14, y Liferay DXP versiones 7.3 anteriores a update 6, y versiones 7.4 anteriores a update 15, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del parámetro (1) name, o (2) namespace • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el módulo Frontend Taglib en Liferay Portal versiones 7.3.2 hasta 7.4.3.16, y Liferay DXP versiones 7.3 anteriores a update 6, y versiones 7.4 anteriores a 17, permite a atacantes remotos inyectar script web o HTML arbitrarios • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 52EXPL: 0

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el widget Sort del módulo Portal Search en Liferay Portal versiones 7.2.0 hasta 7.4.3.24, y Liferay DXP 7.2 versiones anteriores a fix pack 19, 7.3 anteriores a update 5, y DXP versiones 7.4 anteriores a update 25, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio de una carga útil diseñada • http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •