8 matches found
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input validation and output encoding in the My Workflow Tasks page due to user-supplied task/comment fields being stored without sanitization. An attacker can submit crafted content that is saved and later...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...
GHSA-66X6-8JGV-QPFH Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
CVE-2025-43785 is a stored XSS in Liferay Portal 7.4.3.45–7.4.3.128 and Liferay DXP 2024 Q2.0–Q2.9, 2024.Q1.1–Q1.12, and 7.4 update 45–update 92. The vulnerability affects the My Workflow Tasks page and can allow remote attackers to inject arbitrary script/HTML. Root cause and affected component ...