Vulnerabilities for 'Digital experience platform'

2022-04-19
 
CVE-2022-26593

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset category.

 
 
CVE-2022-26595

CWE-276
 

 
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13 and 7.3 fix pack 2, do not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.

 
2022-03-02
 
CVE-2021-38266

NVD-CWE-noinfo
 

 
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 do not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.

 
2022-03-03
 
CVE-2022-25146

CWE-346
 

 
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

 
2022-03-02
 
CVE-2021-38268

CWE-276
 

 
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.

 
2020-09-22
 
CVE-2020-15839

CWE-434
 

 
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

 

Vendor: Liferay (7 products)
Liferay enterprise portal
Liferay portal enterprise
Portal
Liferay portal
Liferay
DXP
Digital experience platform


Copyright 2024, cxsecurity.com
