Issues (issue key, status, summary, assignee)

- LPE-18158 (open): XSS Vulnerability - google_widget [EE Support]
- LPE-18122 (resolved): LSV-1389: Stored XSS on the Announcements and Alerts component [EE Support]
- LPE-17939 (resolved): LSV-1341: Stored XSS with web content translation [EE Support]
- LPE-17926 (resolved): LSV-1327: Regular users can edit workflow definition [EE Support]
- LPE-17870 (resolved): When staging a DDL it ignores if the records box is unchecked [Kiyoshi Lee]
- LPE-17853 (resolved): LSV-1246: XSS vulnerability in OAuth2 redirect endpoint [EE Support]
- LPE-17852 (resolved): LSV-1282: XSS with Document and Media document title [EE Support]
- LPE-17849 (resolved): LSV-1278: CSRF bypass related to `redirect` in Commerce Catalogs [EE Support]
- LPE-17848 (resolved): LSV-1277: CSRF bypass related to `p_l_back_url` in content page editor [EE Support]
- LPE-17846 (resolved): LSV-1279: User's hashed password appears in page's HTML source [EE Support]
- LPE-17840 (open): Web Content Admin inaccessible [EE Support]
- LPE-17837 (resolved): LSV-1269: Open redirect in adaptive media [EE Support]
- LPE-17834 (resolved): LSV-1267: Open redirect in Countries Management [EE Support]
- LPE-17829 (resolved): LSV-1265: Mitigate against simple XSS attacks against script console [EE Support]
- LPE-17818 (resolved): LSV-1257: XSS with `redirect` in export translation [EE Support]
- LPE-17815 (resolved): LSV-1254: XSS with `key` in language override [EE Support]
- LPE-17814 (resolved): LSV-1253: XSS with `tabs2` in role assignment [EE Support]
- LPE-17813 (resolved): LSV-1252: CSRF bypass related to `backURL` in MyAccountPortlet [EE Support]
- LPE-17811 (resolved): LSV-1250: XSS with Account's 'Blocked Email Domains' [EE Support]
- LPE-17804 (resolved): LSV-1246: XSS vulnerability in OAuth2 redirect endpoint [EE Support]
- LPE-17797 (resolved): LSV-1240: Stored XSS vulnerability with vocabulary description [EE Support]
- LPE-17796 (resolved): Creating a Feature Request to create a new setting for Staging. Site Custom Field Value not Available in Staging. [Ryan Snuggs]
- LPE-17787 (resolved): LSV-1233: XSS with Service Class in edit Service Access Policy [EE Support]
- LPE-17781 (resolved): LSV-1229: Unauthorized view access to Organization names [EE Support]
- LPE-17775 (resolved): TEST [EE Support]
- LPE-17768 (resolved): TEST [EE Support]
- LPE-17761 (open): TEST [EE Support]
- LPE-17760 (resolved): LPE-17759: TEST [Lucas Miranda Correia]
- LPE-17758 (open): LSV-1216: Insecure defaults: virtual.hosts.valid.hosts [EE Support]
- LPE-17752 (open): LSV-1211: Multiple vulnerabilities with `backURL` in layout admin [EE Support]
- LPE-17751 (resolved): LSV-1203: TEST [EE Support]
- LPE-17742 (resolved): LSV-1204: ReDoS vulnerability with Pattern Redirects [EE Support]
- LPE-17736 (resolved): LSV-1201: Use of library with known vulnerability: Jackson Dataformat CBOR 2.10.4 (elasticsearch) [EE Support]
- LPE-17725 (resolved): LSV-1194: XSS in PageTree [EE Support]
- LPE-17722 (resolved): LSV-1192: Unauthorized access to Document and Media files via Forms [EE Support]
- LPE-17721 (resolved): LSV-1193: XSS with container layout fragment URL [EE Support]
- LPE-17704 (resolved): LSV-1183: XSS with user name in account [EE Support]
- LPE-17703 (open): Allow attaching arbitrary attributes to HTML elements in Page Builder [EE Support]
- LPE-17699 (resolved): LSV-1179: Reflected XSS with DM web portlet [EE Support]
- LPE-17698 (resolved): LSV-1178: Unauthorized access to object definition via search [EE Support]
- LPE-17688 (resolved): LSV-1175: Use of library with known vulnerability: SnakeYAML 1.32 [EE Support]
- LPE-17671 (resolved): LSV-1159: Stored XSS with fragment components [EE Support]
- LPE-17668 (resolved): LSV-1158: Stored XSS with Creole Wiki [EE Support]
- LPE-17661 (resolved): LSV-1155: Stored XSS with article title in Web Content Display widget [EE Support]
- LPE-17658 (resolved): LSV-1154: Unauthorized access to objects via OAuth 2 scope [EE Support]
- LPE-17657 (open): Changing the behavior of the staging publications deletions [Ahmed Abdin]
- LPE-17650 (resolved): LSV-1149: RCE with PortletURLAction [EE Support]
- LPE-17649 (resolved): RHEL (Red-Hat Enterprise Linux - 9) Compatibility/Certification for Liferay DXP 7.4 [EE Support]
- LPE-17639 (resolved): LSV-1141: Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect [EE Support]
- LPE-17632 (resolved): LSV-855: Stored XSS with ERC in Commerce catalog [EE Support]
Based on http://www.liferay.com/community/forums/-/message_boards/message/19118953
In the Liferay sources, reading a file descriptor is allowed only from java.lang.ProcessImpl, but the code fails the read-file-descriptor permission check coming from java.net.SocketInputStream when we connect via the network. The full error log is in the attached trace.log file.
A sample Maven project is attached as DSTest.zip (PostgreSQL required).
DB settings:
- login/password: postgres
- db name: dstest
These can be changed in the file "BrokerFactory.scala".