Tamale RMS Before signing in, claim your money!`. The portal property `` should be set to true.Īdvent/SSC Inc. In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability. SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Server-side validation should be implemented to prevent this vulnerability.
As of time of publication, a patch is not available. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. Grav is a flat-file content management system. Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.