Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30789

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00197EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/24 4:34 p.m.4 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.4AI score0.00197EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.9 views

Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

5.4CVSS5.3AI score0.00197EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/09/22 6:30 p.m.4 views

GHSA-JH9H-8XF2-25WJ Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

4.8CVSS5.2AI score0.00197EPSS
Exploits0References5
NVD
NVD
added 2025/09/22 5:16 p.m.4 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

5.4CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/22 5:16 p.m.4 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

5.4CVSS5.4AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 4:17 p.m.6 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 4:17 p.m.1 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.1AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 4:17 p.m.13 views

CVE-2025-43807

A stored XSS was reported in Liferay Portal and Liferay DXP via the notifications widget. A crafted payload placed in a publication’s Name field can execute arbitrary script in affected users’ browsers. Affected are Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–202...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder