Author: Cyberthreat Blog

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.