GHSA-62r2-gcxr-426x:  starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

GHSA-7p89-p6hx-q4fw: basic-auth-connect's callback uses time unsafe string comparison

GHSA-h5q3-fjp4-2x7r: MantisBT vulnerable to information disclosure with user profiles

GHSA-5rfv-66g4-jr8h: RestrictedPython information leakage via `AttributeError.obj` and the `string` module

GHSA-jq3f-mfmg-747x: Eclipse Glassfish improperly handles http parameters

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

**Liferay Portal Missing Authorization vulnerability**

Moderate severity GitHub Reviewed Published Sep 23, 2022 • Updated Sep 23, 2022

Headline

GHSA-83qx-288m-72w4: Liferay Portal Missing Authorization vulnerability

ghsa: Latest News