Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-p9xg-9378-cqp7: Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

ghsa
Open in Source
#xss#vulnerability#web#git

Cross-site scripting in Liferay Portal

Moderate severity GitHub Reviewed Published May 24, 2023 to the GitHub Advisory Database • Updated May 24, 2023

Related news

CVE-2023-33943: CVE-2023-33943 XSS with user name in account - Liferay

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability
ghsa