26 matches found
CVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
EUVD-2025-33173
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2025-43821
CVE-2025-43821 concerns an XSS vulnerability in the Liferay Commerce Product Comparison Table widget. Affected: Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.8, 2023.Q4.0–2023.Q4.5, and 7.4 GA through update 92. The flaw arises when user-supplied data is inserted into the Comme...
CVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...
GHSA-XX7H-2WF7-HC7P Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
Cross-site Scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
Cross-site Scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
PT-2025-41253
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5. Description: A cross-site scripting (XSS) issue exists in the Commerce Product Comparison Table...
CVE-2025-43823
Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
CVE-2025-43823
Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
CVE-2025-43823
CVE-2025-43823 is an XSS vulnerability in the Liferay Commerce Search Result widget. A crafted payload injected into a Commerce Product’s Name field can execute arbitrary script in affected environments. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q4 bef...
CVE-2025-43823
Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
EUVD-2023-2968
Malicious code in bioql PyPI...
CVE-2023-40810
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...
CVE-2025-3824
A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproductname leads to cross site scripting. T...
CVE-2024-24135
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks...
Cross Site Scripting (XSS)
openCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of validation in Create product name field, which allows an attacker to inject HTML into the application...
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...
CVE-2023-40810
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...
CVE-2023-40810
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...
CVE-2023-40810
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field...