CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

CVE-2022-42114 Stored XSS with role key in edit assignees page

**Date**

Tue, 18 Oct 2022 08:49:00 +0000

**Title**

CVE-2022-42114 Stored XSS with role key in edit assignees page

**Description**

Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via the \`\_com\_liferay\_roles\_admin\_web\_portlet\_RolesAdminPortlet\_name\` parameter.

**Severity**

Severity 2

**Notes**

There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA37 (7.4.3.37) or later.

Headline

CVE-2022-42114: CVE-2022-42114 Stored XSS with role key in edit assignees page - Liferay Portal - Liferay Faces

CVE: Latest News