Gareth Catterall

**Name of the Vulnerable Software and Affected Versions** ScienceLogic SL1 versions prior to 12.1.1 **Description** ScienceLogic SL1 before version 12.1.1 contains a SQL injection flaw. The flaw is located in `index.em7` and occurs through a parameter within a request. **Recommendations** Upgrade to ScienceLogic SL1 version 12.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.61 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.1 through 2024.Q4.5 Liferay versions 7.4 update 61 through update 92 **Description** The fragment preview functionality is susceptible to postMessage-based Cross-Site Scripting (XSS). A remote, unauthenticated attacker can inject JavaScript into the fragment portlet URL. **Recommendations** Liferay Portal versions 7.4.3.61 through 7.4.3.132: Update to a version later than 7.4.3.132. Liferay DXP versions 2024.Q1.1 through 2024.Q1.13: Update to a version later than 2024.Q1.13. Liferay DXP versions 2024.Q2.0 through 2024.Q2.13: Update to a version later than 2024.Q2.13. Liferay DXP versions 2024.Q3.1 through 2024.Q3.13: Update to a version later than 2024.Q3.13. Liferay DXP versions 2024.Q4.1 through 2024.Q4.5: Update to a version later than 2024.Q4.5. Liferay versions 7.4 update 61 through update 92: Update to a version later than update 92.