CVE-2021-29046
- EPSS 0.26%
- Published 17.05.2021 11:15:07
- Last modified 21.11.2024 06:00:35
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_cate...
CVE-2021-29053
- EPSS 0.38%
- Published 17.05.2021 11:15:07
- Last modified 21.11.2024 06:00:36
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) ...
CVE-2021-29041
- EPSS 0.52%
- Published 16.05.2021 16:15:07
- Last modified 21.11.2024 06:00:34
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on ...
CVE-2021-29047
- EPSS 0.21%
- Published 16.05.2021 16:15:07
- Last modified 21.11.2024 06:00:35
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge b...