Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-876g-49r6-33qj
  • Maven/com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl
Liferay Portal allows improper access through the expandoTableLocalService
Published: yesterday
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-hq8m-v68g-8cf8
  • Maven/org.opencastproject:opencast-user-interface-configuration
Opencast has a partial path traversal vulnerability in UI config
Published: yesterday
  • Fix available
  • Severity - 2.7 (Low)
GHSA-w48j-pp7j-fj55
  • Maven/com.ritense.valtimo:core
Valtimo scripting engine can be used to gain access to sensitive data or resources
Published: 2 days ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-9m7c-m33f-3429
  • Maven/org.xwiki.platform:xwiki-platform-export-pdf-api
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Published: 2 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-5c4f-pxmx-xcm4
  • Maven/org.apache.cassandra:cassandra-all
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Published: 5 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-h8gx-4hhm-w45v
  • Maven/com.liferay:com.liferay.journal.service
Liferay Portal stored cross-site scripting in text field of the web content structure
Published: 23 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-mf9q-87xx-jgvv
  • Maven/com.liferay:com.liferay.style.book.web
Liferay Portal allows unrestricted upload of file in the style books component
Published: 23 Aug
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-23w4-rpc6-wpcc
  • Maven/com.liferay:com.liferay.portal.workflow.kaleo.designer.web
Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet
Published: 23 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6hj4-v2qp-cqr2
  • Maven/com.liferay:com.liferay.info.impl
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect
Published: 23 Aug
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-cv9j-mg9w-v7wm
  • Maven/com.liferay.portal:com.liferay.portal.impl
Liferay Portal JSONWS API endpoint shares sensitive information
Published: 23 Aug
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-h4m4-xp33-37mj
  • Maven/com.liferay.portal:com.liferay.portal.kernel
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
Published: 23 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-rvmf-jw8g-r35r
  • Maven/com.liferay:com.liferay.plugins.admin.web
Liferay Portal vulnerable to Stored XSS in Components portlet
Published: 23 Aug
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-3h7r-4xxj-3mfm
  • Maven/com.liferay:com.liferay.frontend.editor.ckeditor.web
  • Maven/com.liferay:com.liferay.frontend.js.dependencies.web
  • npm/liferay-ckeditor
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint
Published: 22 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-84pp-qr92-95c9
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.web
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.type
Liferay Portal users can upload an unlimited amount of files
Published: 22 Aug
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mm62-gwj5-j285
  • Maven/com.liferay:com.liferay.frontend.js.web
  • Maven/com.liferay:com.liferay.object.dynamic.data.mapping.form.field.type
  • Maven/com.liferay:com.liferay.object.web
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
Published: 22 Aug
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-w3cr-3xw2-rp78
  • Maven/com.liferay:com.liferay.layout.impl
Liferay Portal users are able to add system admin portlets to pages
Published: 22 Aug
  • Fix available
  • Severity - 6.7 (Medium)