Security
Headlines
HeadlinesLatestCVEs

Tag

#java

GHSA-fvqv-593q-qp8r: Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the PortalUtil.escapeRedirect

ghsa
Open in Source
#xss#vulnerability#web#java#auth
GHSA-g6rx-6wfx-gj74: Bouncy Castle for Java has Out-of-Bounds Write Vulnerability

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.

GHSA-jfcv-jv9g-2vx2: Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: from BC-FJA 2.1.0 through 2.1.0.

GHSA-r367-q549-pgr5: Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

GHSA-58cq-8wm2-6m87: Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter.

GHSA-q2gv-w583-f2vq: Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via snippet parameter.

GHSA-xr97-25v7-hc2q: UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality

### Summary Affected Functionality: User creation Endpoint: `/admin/settings/users/create` ### Details https://github.com/unopim/unopim/blob/a0dc81947a59ada69e19e1e4313dd591d4e277b4/packages/Webkul/Core/src/Traits/Sanitizer.php#L9-L19 See the mimetype is checked for validation. Mime-type is usually identified by analysing the first few bytes of the file content, which contains the File signature or Magic bytes for e.g. GIF file starts with GIF87a or GIF89a. We can mislead the sanitizer to think the uploaded file is gif ( based on magic byte provided ) while actually it is a .svg file. File containing <svg> is considered as svg and is sanitized: ![image](https://github.com/user-attachments/assets/bcb0ce04-6bbe-4058-81da-927331247d3d) ``` Content-Disposition: form-data; name="image[]"; filename="poc.html" Content-Type: image/svg+xml <?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 200 200" onload="alert(5)"> <rect ...

GHSA-p72g-pv48-7w9x: Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

GHSA-mpww-r37c-vxjw: Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter.

GHSA-62pf-hcwj-rcfc: Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter.