Kategori: General

CVE-2023-26439

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access…

Devamını oku

CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign…

Devamını oku

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be…

Devamını oku

CVE-2023-26447

The “upsell” widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being…

Devamını oku

CVE-2023-3426

The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote…

Devamını oku

CVE-2023-3401

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before…

Devamını oku