Reflected Cross Site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter, which allows an attacker to inject and execute arbitra...

Liferay Portal 7.4.3.8 < 7.4.3.112 XSS

Reflected cross-site scripting XSS vulnerability in Language Override in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter. Note that Nessus has not tested for this issue b...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

EUVD-2025-37387

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter...

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2025-62264

CVE-2025-62264 describes a reflected XSS in Liferay Portal and Liferay DXP via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter. Affected versions include Liferay Portal 7.4.3.8–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-44660

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.8 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Description A reflected cross-site scripting XSS issue exists in the Language Override...

Liferay Portal 7.4.x < 7.4.3.98 Multiple Vulnerabilities

The version of Liferay Portal installed on the remote host is prior to 7.4.3.98. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through...

Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting XSS vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2023-42498

Reflected cross-site scripting XSS vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

PT-2024-13049 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.8 through 7.4.3.97 Liferay DXP 2023.Q3 before patch 5 Liferay DXP versions 7.4 update 4 through 92 Description: A reflected cross-site scripting XSS issue exists in the Language Override edit screen, allowing...