2 matches found
Reflected Cross-site Scripting (XSS)
com.liferay, com.liferay.product.navigation.control.menu.web is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletbackURLTitle parameter, which allows an attacker to inject arbitrary web script ...
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...