Publish Advisories

GHSA-9f58-4465-23c7
GHSA-xcj6-xpjg-c4xr
GHSA-xcj6-xpjg-c4xr

Author: advisory-database[bot]

advisories/github-reviewed/2025/10/GHSA-9f58-4465-23c7/GHSA-9f58-4465-23c7.json

@@ -0,0 +1,77 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9f58-4465-23c7",
+  "modified": "2025-10-29T10:52:08Z",
+  "published": "2025-10-29T10:52:08Z",
+  "aliases": [
+    "CVE-2025-62798"
+  ],
+  "summary": "Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax",
+  "details": "A Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component.\n\nIn affected versions, expressions wrapped in `{{` & `}}` were evaluated by Vue. This allowed attackers to inject arbitrary JavaScript or HTML that executes in the browser when the field is displayed.\n\nFor example, if a field’s value contains `{{ Math.random() }}`, it will be executed instead of being displayed as text.\n\n### Impact\n\nAttackers who can control content rendered through SharpShowTextField could execute arbitrary JavaScript in the context of an authenticated user’s browser.\n\nThis could lead to:\n\n- Theft of user session tokens.\n- Unauthorized actions performed on behalf of users.\n- Injection of malicious content into the admin panel.\n\n### Patches\n\nThe issue has been fixed in v9.11.1 of code16/sharp package.\n\n### Mitigation / Workarounds\n\nSanitize or encode any user-provided data that may include (`{{` & `}}`) before displaying it in a SharpShowTextField.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "code16/sharp"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "9.11.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/code16/sharp/security/advisories/GHSA-9f58-4465-23c7"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62798"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/code16/sharp/pull/654"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ViktorMares/vue-js-xss-payload-list"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/code16/sharp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/code16/sharp/releases/tag/v9.11.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://medium.com/@sid0krypt/vue-js-reflected-xss-fae04c9872d2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T10:52:08Z",
+    "nvd_published_at": "2025-10-28T21:15:40Z"
+  }
+}

advisories/github-reviewed/2025/10/GHSA-xcj6-xpjg-c4xr/GHSA-xcj6-xpjg-c4xr.json

@@ -0,0 +1,88 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xcj6-xpjg-c4xr",
+  "modified": "2025-10-29T10:51:26Z",
+  "published": "2025-10-28T00:31:25Z",
+  "aliases": [
+    "CVE-2025-62261"
+  ],
+  "summary": "Liferay Portal Stores Password Reset Tokens in Plain Text",
+  "details": "Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.liferay.portal:release.portal.bom"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.4.0-ga1"
+            },
+            {
+              "fixed": "7.4.3.100"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.liferay.portal:com.liferay.portal.impl"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "92.0.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62261"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liferay/liferay-portal/commit/b228c7878f2ed5ad8dbc1ff7ec9b5e6d53bb4b5c"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/liferay/liferay-portal"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.atlassian.net/browse/LPE-17785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62261"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-312"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T10:51:26Z",
+    "nvd_published_at": "2025-10-27T22:15:41Z"
+  }
+}