Lucene search
K

12 matches found

Veracode
Veracode
added 2025/12/13 4:36 a.m.7 views

Cross-Site Scripting (XSS)

com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/28 7:53 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2025/10/27 9:30 p.m.6 views

GHSA-8MGF-RGG5-W38Q Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS6AI score0.00202EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/27 9:30 p.m.10 views

Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS6AI score0.00202EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/27 8:15 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS5.6AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/10/27 8:15 p.m.7 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/27 7:38 p.m.3 views

EUVD-2025-36346

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS5.3AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 7:38 p.m.6 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 7:38 p.m.3 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS5.5AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 7:38 p.m.12 views

CVE-2025-62263

CVE-2025-62263 affects Liferay Portal/DXP versions ranging from 7.3.7 to 7.4.3.103 and 2023.Q3.1–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 SP3 up to update 36. The flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or H...

5.4CVSS5.5AI score0.00202EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.7AI score0.00202EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.3 views

PT-2025-44029

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.7 through 7.4.3.103 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 36 Description The software contains multiple cross-site...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References13
Rows per page
Query Builder