Lucene search
+L

24 matches found

osv
osv
added 2026/07/07 7:16 p.m.3 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

6.1CVSS6AI score
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 5:29 p.m.34 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 5:29 p.m.5 views

EUVD-2026-42059

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
cve
cve
added 2026/07/07 5:29 p.m.12 views

CVE-2026-48954

CVE-2026-48954 affects Joomla! Core - Language Overrides. Root cause: improper validation allows a generic XSS in the language override feature. Impact per sources: high-severity issue (CVSS 4.0 base 8.4) with network access, requiring high privileges and passive user interaction; confidentiality...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56227

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Improper validation in the language override feature allows for a generic Cross-Site Scripting XSS vector. XSS is a type of security flaw where malicious scripts are injected into truste...

8.4CVSS6.1AI score0.00147EPSS
Exploits0References6
veracode
veracode
added 2025/12/13 4:20 a.m.10 views

Reflected Cross Site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter, which allows an attacker to inject and execute arbitra...

6.1CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2025/11/05 12:0 a.m.8 views

Liferay Portal 7.4.3.8 < 7.4.3.112 XSS

Reflected cross-site scripting XSS vulnerability in Language Override in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter. Note that Nessus has not tested for this issue b...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/11/01 6:6 p.m.11 views

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References1
euvd
euvd
added 2025/10/31 6:31 p.m.7 views

EUVD-2025-37387

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter...

5.1CVSS5.7AI score0.00221EPSS
Exploits0References3
github
github
added 2025/10/31 6:31 p.m.9 views

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2025/10/31 6:15 p.m.10 views

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS0.00221EPSS
Exploits0References1
osv
osv
added 2025/10/31 6:15 p.m.5 views

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.5AI score0.00221EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/31 5:32 p.m.3 views

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

5.1CVSS5.4AI score0.00221EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/31 5:32 p.m.9 views

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

5.1CVSS0.00221EPSS
Exploits0References1
cve
cve
added 2025/10/31 5:32 p.m.21 views

CVE-2025-62264

CVE-2025-62264 describes a reflected XSS in Liferay Portal and Liferay DXP via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter. Affected versions include Liferay Portal 7.4.3.8–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References1Affected Software2
ptsecurity
ptsecurity
added 2025/10/31 12:0 a.m.7 views

PT-2025-44660

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.8 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Description A reflected cross-site scripting XSS issue exists in the Language Override...

6.1CVSS5.6AI score0.00221EPSS
Exploits0References13
cnnvd
cnnvd
added 2025/10/31 12:0 a.m.6 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS5.9AI score0.00221EPSS
Exploits0References2
nessus
nessus
added 2024/02/23 12:0 a.m.19 views

Liferay Portal 7.4.x < 7.4.3.98 Multiple Vulnerabilities

The version of Liferay Portal installed on the remote host is prior to 7.4.3.98. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through...

9.6CVSS8.1AI score0.0062EPSS
Exploits0References3
Rows per page
Query Builder