Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-wvhw-5m89-64gv: Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the App Builder module’s custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object’s Name field.

ghsa
Open in Source
#xss#vulnerability#web#git

Cross-site scripting in Liferay Portal

Moderate severity GitHub Reviewed Published May 24, 2023 to the GitHub Advisory Database • Updated May 24, 2023

Related news

CVE-2023-33938: CVE-2023-33938 Stored XSS with object name in App Builder - Liferay

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability
ghsa