4 matches found
EUVD-2025-37203
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
com.liferay:com.liferay.blogs.editor.config (>=1.0.0 <=2.0.0), com.liferay:com.liferay.blogs.editor.configuration (>=1.0.0 <=1.0.9) +2 more potentially affected by CVE-2025-4576 via com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.0)
com.liferay:com.liferay.blogs.web MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.1 Source cves: CVE-2025-4576 Source advisory: OSV:GHSA-6QCG-28JH-HM7R...
com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)
com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...
PT-2022-10707 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.3.6 Liferay DXP 7.3 before fix pack 2 Description: A cross-site scripting XSS issue exists in the Blogs module's edit blog entry page, allowing remote attackers to inject arbitrary web script or HTML vi...