12 matches found
Cross-Site Scripting (XSS)
com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...
CVE-2025-62263
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
GHSA-8MGF-RGG5-W38Q Liferay Portal Vulnerable to Cross-Site Scripting
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
Liferay Portal Vulnerable to Cross-Site Scripting
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
CVE-2025-62263
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
CVE-2025-62263
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
EUVD-2025-36346
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
CVE-2025-62263
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
CVE-2025-62263
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
CVE-2025-62263
CVE-2025-62263 affects Liferay Portal/DXP versions ranging from 7.3.7 to 7.4.3.103 and 2023.Q3.1–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 SP3 up to update 36. The flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or H...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-44029
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.7 through 7.4.3.103 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 36 Description The software contains multiple cross-site...