471 | - | | - | - | The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupp… | - | CVE-2024-26265 | 2024-10-3 01:15 | 2024-02-20 |
472 | 8.1 | HIGH Network | liferay | dxp liferay_portal | In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter… | NVD-CWE-noinfo | CVE-2024-25148 | 2024-10-3 01:15 | 2024-02-8 |
473 | 6.5 | MEDIUM Network | liferay | dxp liferay_portal | The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported ve… | CWE-834 Excessive Iteration | CVE-2024-25144 | 2024-10-3 01:15 | 2024-02-8 |
474 | - | | - | - | The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions,… | - | CVE-2024-25143 | 2024-10-3 01:15 | 2024-02-8 |
475 | 4.3 | MEDIUM Network | liferay | digital_experience_platform liferay_portal | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a lis… | CWE-862 Missing Authorization | CVE-2023-3426 | 2024-10-3 01:15 | 2023-08-2 |
476 | 9.8 | CRITICAL Network | artbees | jupiter_x_core | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This m… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7772 | 2024-10-3 01:10 | 2024-09-26 |
477 | 6.5 | MEDIUM Network | mmrs151 | daily_prayer_time | The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insuffici… | CWE-89 SQL Injection | CVE-2024-8621 | 2024-10-3 01:10 | 2024-09-25 |
478 | 6.1 | MEDIUM Network | xtendify | simple_calendar | The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio… | CWE-79 Cross-site Scripting | CVE-2024-8549 | 2024-10-3 01:04 | 2024-09-25 |
479 | 6.1 | MEDIUM Network | itpathsolutions | contact_form_to_any_api | The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sani… | CWE-79 Cross-site Scripting | CVE-2024-7617 | 2024-10-3 01:02 | 2024-09-25 |
480 | 6.1 | MEDIUM Network | ellevo | ellevo | A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | CWE-79 Cross-site Scripting | CVE-2024-46655 | 2024-10-3 00:40 | 2024-09-26 |