EUVD-2021-28123

Malicious code in bioql PyPI...

EUVD-2025-21699

Malicious code in bioql PyPI...

EUVD-2022-4358

Malicious code in bioql PyPI...

EUVD-2022-4014

Malicious code in bioql PyPI...

EUVD-2024-20034

Malicious code in bioql PyPI...

EUVD-2022-1806

Malicious code in bioql PyPI...

EUVD-2022-2121

Malicious code in bioql PyPI...

EUVD-2022-4676

Malicious code in bioql PyPI...

EUVD-2022-3759

Malicious code in bioql PyPI...

Liferay Portal Vulnerable to XSS in Web Content translation

Stored Cross-site Scripting XSS vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote...

CVE-2025-43826

Stored cross-site scripting XSS vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote...

CVE-2025-43826

The CVE-2025-43826 entry describes a Stored XSS in Liferay Portal/DXP Web Content Translation via rich text fields. Affected: Liferay Portal 7.4.0–7.4.3.112 and older, Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–2023.Q3.10, and 7.4 GA up to update 92 (all older unsupported versions). Root cause: i...

PT-2025-40049

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

CVE-2025-43818

CVE-2025-43818 is an XSS vulnerability in the Calendar widget of Liferay Portal and DXP products. A crafted payload entered into the Calendar Name field can inject arbitrary script/HTML across affected versions: Liferay Portal 7.4.3.35–7.4.3.110; Liferay DXP 2023.Q4.0–2023.Q4.4, 2023.Q3.1–2023.Q3...

CVE-2025-43815

Reflected cross-site scripting XSS vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

PT-2025-39902

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.110 Liferay DXP versions 2023.Q3.1 through 2023.Q3.6 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS version 11.4 and earlier, which stems from a stored...

GHSA-JH9H-8XF2-25WJ Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...