Security
Headlines

Headlines Latest CVEs

Headline

GHSA-pfwc-4frf-4gf8: Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment’s URL text field.

1 year ago

#xss #vulnerability #web #git

Cross-site scripting in Liferay Portal

Moderate severity GitHub Reviewed Published May 24, 2023 to the GitHub Advisory Database • Updated May 24, 2023

Related news

CVE-2023-33944: CVE-2023-33944 XSS with container layout fragment URL - Liferay

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.

1 year ago

#xss #vulnerability #web

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

1 day ago

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

1 day ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

1 day ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

1 day ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

1 day ago