
GHSA-px38-239g-x5mg: Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy’s Service Class text field.

CVE-2023-37940


Moderate severity GitHub Reviewed Published Dec 18, 2024 to the GitHub Advisory Database • Updated Dec 18, 2024

Package: com.liferay.portal:release.dxp.bom (Maven)
Affected versions: >= 7.0, < 7.3.10.u30; >= 7.4, < 7.4.13.u88
Patched versions: 7.3.10.u30; 7.4.13.u88

Package: com.liferay.portal:release.portal.bom (Maven)
