Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-w48j-pp7j-fj55
  • Maven/com.ritense.valtimo:core
Valtimo scripting engine can be used to gain access to sensitive data or resources
Published: 3 hours ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-9m7c-m33f-3429
  • Maven/org.xwiki.platform:xwiki-platform-export-pdf-api
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Published: 4 hours ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-5c4f-pxmx-xcm4
  • Maven/org.apache.cassandra:cassandra-all
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Published: 3 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-h8gx-4hhm-w45v
  • Maven/com.liferay:com.liferay.journal.service
Liferay Portal stored cross-site scripting in text field of the web content structure
Published: 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-mf9q-87xx-jgvv
  • Maven/com.liferay:com.liferay.style.book.web
Liferay Portal allows unrestricted upload of file in the style books component
Published: 5 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-23w4-rpc6-wpcc
  • Maven/com.liferay:com.liferay.portal.workflow.kaleo.designer.web
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
Published: 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6hj4-v2qp-cqr2
  • Maven/com.liferay:com.liferay.info.impl
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect
Published: 5 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-cv9j-mg9w-v7wm
  • Maven/com.liferay.portal:com.liferay.portal.impl
Liferay Portal JSONWS API endpoint shares sensitive information
Published: 5 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-h4m4-xp33-37mj
  • Maven/com.liferay.portal:com.liferay.portal.kernel
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
Published: 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-rvmf-jw8g-r35r
  • Maven/com.liferay:com.liferay.plugins.admin.web
Liferay Portal vulnerable to Stored XSS in Components portlet
Published: 5 days ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-3h7r-4xxj-3mfm
  • Maven/com.liferay:com.liferay.frontend.editor.ckeditor.web
  • Maven/com.liferay:com.liferay.frontend.js.dependencies.web
  • npm/liferay-ckeditor
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint
Published: 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-84pp-qr92-95c9
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.web
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.type
Liferay Portal users can upload an unlimited amount of files
Published: 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mm62-gwj5-j285
  • Maven/com.liferay:com.liferay.frontend.js.web
  • Maven/com.liferay:com.liferay.object.dynamic.data.mapping.form.field.type
  • Maven/com.liferay:com.liferay.object.web
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
Published: 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-w3cr-3xw2-rp78
  • Maven/com.liferay:com.liferay.layout.impl
Liferay Portal users are able to add system admin portlets to pages
Published: 5 days ago
  • Fix available
  • Severity - 6.7 (Medium)
GHSA-fvqv-593q-qp8r
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
Published: 6 days ago
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-xwc5-q44v-p6gg
  • Maven/com.liferay:com.liferay.login.web
Liferay Portal User Enumeration Vulnerability via the Create Account Page
Published: 6 days ago
  • Fix available
  • Severity - 6.9 (Medium)