Liferay DXP XSS (CVE-2025-2536)

The detected install of Liferay DXP is affected by a cross-site scripting XSS vulnerability in the Frontend JS module's layout-taglib/liferay/index.js that allows remote attackers to inject arbitrary web script or HTML via toastData parameter Note that Nessus has not tested for this issue but has...

GHSA-HRC4-P2H3-PJQW Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

PT-2025-11960

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.82 through 7.4.3.128 Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92...

PT-2024-21322 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.37 Liferay DXP versions prior to 7.4 update 38 Liferay DXP versions prior to 7.3 update 11 Liferay DXP versions prior to 7.2 fix pack 20 Description: A cross-site scripting XSS issue in the Frontend...