com.liferay:com.liferay.layout.admin.web 2.0.66 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.layout.admin.web package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `_com_liferay_asset_list_web_portlet_AssetListPortlet_title` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay:com.liferay.layout.admin.web` to version 5.0.0 or higher.	[,5.0.0)
M Improper Authorization com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Improper Authorization. It does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. How to fix Improper Authorization? Upgrade `com.liferay:com.liferay.layout.admin.web` to version 4.0.20 or higher.	[,4.0.20)
M Cross-site Scripting (XSS) com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Layout module's page administration page. It allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay:com.liferay.layout.admin.web` to version 4.0.80 or higher.	[,4.0.80)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

com.liferay:com.liferay.layout.admin.web is a portal for Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.layout.admin.web to version 5.0.0 or higher.

[,5.0.0)

Improper Authorization

com.liferay:com.liferay.layout.admin.web is a portal for Liferay.

Affected versions of this package are vulnerable to Improper Authorization. It does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

How to fix Improper Authorization?

Upgrade com.liferay:com.liferay.layout.admin.web to version 4.0.20 or higher.

[,4.0.20)

Cross-site Scripting (XSS)

com.liferay:com.liferay.layout.admin.web is a portal for Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Layout module's page administration page. It allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay:com.liferay.layout.admin.web to version 4.0.80 or higher.

[,4.0.80)

com.liferay:com.liferay.layout.admin.web@2.0.66 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?