com.liferay:com.liferay.layout.admin.web@3.0.139 vulnerabilities
latest version
5.0.193
latest non vulnerable version
first published
9 years ago
latest version published
10 days ago
licenses detected
- [0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the com.liferay:com.liferay.layout.admin.web package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,4.0.26) |
com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade | [,5.0.0) |
com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Improper Authorization. It does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. How to fix Improper Authorization? Upgrade | [,4.0.20) |
com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Layout module's page administration page. It allows remote attackers to inject arbitrary web script or HTML via the How to fix Cross-site Scripting (XSS)? Upgrade | [,4.0.80) |