Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Why Front-End Development Matters for Online Businesses?

By Owais Sultan Front-end development, sometimes called client-side development, creates CSS, HTML, and JavaScript for online apps and sites so users… This is a post from HackRead.com Read the original post: Why Front-End Development Matters for Online Businesses?

HackRead
#web#git#java#kotlin
Anne Neuberger, a Top White House Cyber Official, Sees the 'Promise and Peril' in AI

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threats—and what the US plans to do about them.

Unsecured Database Leaks 153 GB of Filipino Student and Family Data

By Deeba Ahmed Personal Information of 200,000+ Exposed in Philippine School Voucher Program Portal Data Leak. This is a post from HackRead.com Read the original post: Unsecured Database Leaks 153 GB of Filipino Student and Family Data

GHSA-hgr6-6hhw-883f: Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing

The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.

GHSA-rwhv-hvj2-qrqm: Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.

GHSA-rwxc-4cmw-7x75: Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.

GHSA-v2xq-m22w-jmpr: Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field

GHSA-73x3-8mrg-5r93: Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key` parameter.

GHSA-54pv-r62j-9qqc: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2` parameter.

GHSA-468x-frcm-ghx6: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field