Vulnerabilities > Liferay > Liferay Portal > 6.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-07 | CVE-2018-10795 | Unrestricted Upload of File with Dangerous Type vulnerability in Liferay Portal Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. | 8.8 |
2018-01-02 | CVE-2017-1000425 | Cross-site Scripting vulnerability in Liferay Portal Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | 4.3 |
2017-01-13 | CVE-2010-5327 | Permissions, Privileges, and Access Controls vulnerability in Liferay Portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | 6.5 |