CVE-2022-42131 Liferay products are affected by SSL certificate validation in the Dynamic Data Mapping module's REST data providers.
This issue was resolved in Liferay version 7.5. Bug: When you enable a REST data provider in a Dynamic Data Map, the validation of
CVE-2022-42119 Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module
In some cases malicious users can inject malicious scripts into the system through the Commerce REST API. An attacker can exploit this by injecting a
CVE-2022-42121 SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. It can allow remote attackers to execute arbitrary SQL commands.
CVE-2019-1841 was confirmed to exist in Liferay. When exploited, the issue allows unauthenticated attackers to execute arbitrary SQL commands in the SQL database, obtain access
CVE-2022-42110 An XSS vulnerability in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script.
When creating a new Announcement, the application does not properly sanitize user-supplied input, resulting in XSS. When editing an existing Announcement, the application does not
CVE-2022-34329 - How Attackers Can Steal Sensitive Data from IBM CICS TX 11.7 HTTP Headers
In today's connected world, even the tiniest software slip can open the door to cybercriminals. IBM CICS Transaction Server (TX) 11.7 is
Episode
00:00:00
00:00:00