Page 7 of 63 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-29047

https://notcve.org/view.php?id=CVE-2021-29047

16 May 2021 — The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer. La implementación de SimpleCaptcha en Liferay Portal versiones 7.3.4, 7.3.5 y Liferay DXP versiones 7.3 anteriores al fixpack 1, no invalida las respuestas CAPTCHA después de su uso, lo que permite a atacantes remotos llevar a ... • http://liferay.com • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 98EXPL: 0

CVE-2021-29040

https://notcve.org/view.php?id=CVE-2021-29040

16 May 2021 — The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. Los servicios web JSON en Liferay Portal versiones 7.3.4 y anteriores, y Liferay DXP versiones 7.0 anteriores al fixpack 97, versiones 7.1 anteriores al fixpack 20 y versiones 7.2 anterio... • http://liferay.com • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-29039

https://notcve.org/view.php?id=CVE-2021-29039

16 May 2021 — Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name. Una vulnerabilidad de tipo Cross-site scripting (XSS) en la página de administración de categorías del módulo Asset en Liferay Portal versión 7.3.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios por medio del nombre del sitio • http://liferay.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •