Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2019-16891

Disclosure Date: October 04, 2019 (last updated November 27, 2024)
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-6588

Disclosure Date: June 03, 2019 (last updated November 27, 2024)
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
0
0
Attacker Value
Unknown

CVE-2017-17868

Disclosure Date: December 27, 2017 (last updated November 26, 2024)
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
0
0