Lucene search
K

159 matches found

Snyk
Snyk
added 2025/10/13 9:31 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the first, middle, or last name fields. An attacker can execute arbitrary web scripts in the context of another user by injecting crafted payloads into these fields, which are then rendered in various widget...

5.4CVSS5.5AI score0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/13 8:21 p.m.6 views

CVE-2025-62246

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

4.8CVSS0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.6 views

PT-2025-41810

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Older unsupported versions of Liferay Portal and Liferay...

4.8CVSS5.5AI score0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/10 1:32 a.m.5 views

CVE-2025-43771

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

4.8CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 9:31 p.m.6 views

EUVD-2025-33545

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

4.8CVSS5.3AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/09 9:31 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the First Name, Middle Name, or Last Name fields in calendar events. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into these fields, which may be...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/09 9:31 p.m.8 views

Liferay Portal is vulnerable to XSS through its Calendar Events parameters

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

5.4CVSS5.9AI score0.00205EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/09 9:15 p.m.3 views

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

5.4CVSS0.00205EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 9:8 p.m.8 views

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

4.8CVSS0.00205EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/08 3:32 p.m.3 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.asset.publisher.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or t...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2025/10/08 3:32 p.m.4 views

GHSA-Q8FJ-76Q7-4P7H Liferay Portal Notifications Widget has multiple XSS vulnerabilities through various text fields

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

4.8CVSS5.9AI score0.00197EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/08 2:13 p.m.4 views

EUVD-2025-33163

Multiple cross-site scripting XSS vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

4.8CVSS5.3AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/10/08 2:13 p.m.14 views

CVE-2025-43771

CVE-2025-43771 affects Liferay Portal/DXP: multiple XSS vulnerabilities in the Notifications widget (First/Middle/Last Name, Other Reason, or content name) across Liferay Portal 7.4.3.102–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5. Root cause is improper input handling in the Notif...

5.4CVSS5.4AI score0.00197EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/08 12:0 a.m.6 views

EUVD-2025-33294

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the fname First Name and lname Last Name fields...

6.1CVSS5.7AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/08 12:0 a.m.9 views

CVE-2025-60318

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting XSS in /admin/profile.php via the fname First Name and lname Last Name fields...

0.00225EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.5 views

PT-2025-41263

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.102 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description The Notifications widget contains multiple cross-site scripting XSS issues. Thes...

4.8CVSS5.9AI score0.00197EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-29395

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.02537EPSS
Exploits4References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31398

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00222EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-31648

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00205EPSS
Exploits0References4
Rows per page
Query Builder