Güncel Güvenlik Açıkları

Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. Devamını Oku Kaynak: NIST

Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. Devamını Oku Kaynak: NIST

Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. Devamını Oku Kaynak: NIST

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:533". Devamını Oku Kaynak: NIST

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c". Devamını Oku Kaynak: NIST

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. Devamını Oku Kaynak: NIST

Printix Secure Cloud Print Management 1.3.1035.0 incorrectly uses Privileged APIs. Devamını Oku Kaynak: NIST

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. Devamını Oku Kaynak: NIST

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. Devamını Oku Kaynak: NIST