Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2025/11/01 6:55 p.m.10 views

CVE-2025-62267

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 9:31 p.m.8 views

EUVD-2025-37402

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

4.6CVSS5.3AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/31 9:31 p.m.2 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.dynamic.data.mapping.item.selector.web is a Liferay Dynamic Data Mapping Item Selector Web Affected versions of this package are vulnerable to Cross-site Scripting XSS via the select structure page when processing user input in the First Name, Middle Name, or Last...

6.1CVSS5.5AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/10/31 7:15 p.m.16 views

CVE-2025-62267

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 6:12 p.m.15 views

CVE-2025-62267

CVE-2025-62267 describes multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.35–7.4.3.111 and Liferay DXP 2023.Q3/Q4 releases, triggered through the web content template’s select structure page. The root cause is improper handling of user input in the First Name, Middle Na...

6.1CVSS5.4AI score0.00214EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.11 views

PT-2025-44661

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay Portal versions 7.4 update 35 through update 92 Description The software contains...

6.1CVSS6.3AI score0.00214EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/10/10 9:27 p.m.5 views

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/09 9:31 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the First Name, Middle Name, or Last Name fields in calendar events. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into these fields, which may be...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/09 9:8 p.m.2 views

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 9:8 p.m.15 views

CVE-2025-62240

CVE-2025-62240 is a cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.4.3.35–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.7, plus 7.4/7.3 updates in those lines. The issue occurs in calendar events where crafted input in user name fields (First Name, Middle N...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2025/10/08 3:16 p.m.4 views

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

5.4CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/08 2:13 p.m.8 views

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

4.8CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31649

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2025/09/30 12:30 a.m.3 views

GHSA-PF86-4W35-CJ89 Liferay Portal vulnerable to cross-site scripting in the Calendar widget

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS5.9AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.9 views

PT-2025-40049

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS5.9AI score0.00197EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/29 9:48 p.m.2 views

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS5.5AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:27 p.m.6 views

CVE-2021-27369

The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field...

5.4CVSS5.6AI score0.00592EPSS
Exploits1References1
OSV
OSV
added 2024/10/22 10:15 p.m.5 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

5CVSS5.8AI score0.00356EPSS
Exploits0References1
OSV
OSV
added 2024/09/07 7:15 p.m.4 views

CVE-2024-8562

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...

6.1CVSS3.8AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

Product Show Room 跨站脚本漏洞

Product Show Room Site is a product show room website by Carlo Montero's personal developer. A cross-site scripting vulnerability exists in Product Show Room 1.0 and earlier versions, which is caused by an easy cross-site scripting attack via the Middle Name parameter under Add User...

5.3CVSS6AI score0.00294EPSS
Exploits1References3
Rows per page
Query Builder