com.liferay:com.liferay.calendar.web 5.0.55 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.calendar.web package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `First Name`, `Middle Name`, or `Last Name` fields in calendar events. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into these fields, which may be rendered in the browser of users viewing the affected calendar events. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay:com.liferay.calendar.web` to version 5.0.88 or higher.	[5.0.45,5.0.88)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Name` text field. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting specially crafted input. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay:com.liferay.calendar.web` to version 5.0.87 or higher.	[5.0.45,5.0.87)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when inviting users to an event. An attacker can execute arbitrary web script or inject HTML by supplying crafted input into the `First Name`, `Middle text`, or `Last Name` fields. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay:com.liferay.calendar.web` to version 5.0.88 or higher.	[5.0.45,5.0.88)
M Information Exposure Affected versions of this package are vulnerable to Information Exposure via the `calendar` implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which may enable further targeted attacks such as phishing. How to fix Information Exposure? Upgrade `com.liferay:com.liferay.calendar.web` to version 5.0.106 or higher.	[,5.0.106)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the First Name, Middle Name, or Last Name fields in calendar events. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into these fields, which may be rendered in the browser of users viewing the affected calendar events.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.calendar.web to version 5.0.88 or higher.

[5.0.45,5.0.88)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name text field. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting specially crafted input.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.calendar.web to version 5.0.87 or higher.

[5.0.45,5.0.87)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when inviting users to an event. An attacker can execute arbitrary web script or inject HTML by supplying crafted input into the First Name, Middle text, or Last Name fields.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.calendar.web to version 5.0.88 or higher.

[5.0.45,5.0.88)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure via the calendar implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which may enable further targeted attacks such as phishing.

How to fix Information Exposure?

Upgrade com.liferay:com.liferay.calendar.web to version 5.0.106 or higher.

[,5.0.106)

com.liferay:com.liferay.calendar.web@5.0.55 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically