Publish Advisories

GHSA-4hxr-28mv-q729
GHSA-x2j8-vjg7-386r

Author: advisory-database[bot]

advisories/github-reviewed/2024/12/GHSA-4hxr-28mv-q729/GHSA-4hxr-28mv-q729.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4hxr-28mv-q729",
-  "modified": "2024-12-17T22:29:33Z",
+  "modified": "2025-01-28T22:26:56Z",
   "published": "2024-12-17T21:30:34Z",
   "aliases": [
     "CVE-2024-11993"
   ],
-  "summary": "Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting",
+  "summary": "Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting",
   "details": "Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"

advisories/github-reviewed/2025/01/GHSA-x2j8-vjg7-386r/GHSA-x2j8-vjg7-386r.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x2j8-vjg7-386r",
-  "modified": "2025-01-27T20:50:36Z",
+  "modified": "2025-01-28T22:27:34Z",
   "published": "2025-01-27T18:32:01Z",
   "aliases": [
     "CVE-2024-55228"
   ],
   "summary": "Dolibarr Cross-site Scripting vulnerability",
   "details": "A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"