PT-2025-38092

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.93 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Description: A cross-site scripting XSS vulnerability exists in the Search widget. This allows remote attackers ...

GHSA-JFV5-R382-XVWH Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

CVE-2025-43800

CVE-2025-43800 affects Liferay Portal/ Liferay DXP where a vulnerability in Rich Text fields of Objects allows remote attackers to inject arbitrary scripts via crafted payloads. Affected: Liferay Portal 7.4.3.20–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA through update 9...

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

CVE-2025-43783

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML vi...

GHSA-66X6-8JGV-QPFH Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...

CVE-2025-43785

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

CVE-2025-43785

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

PT-2025-37097

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.73 through 7.4.3.128 Liferay DXP versions 2024.Q3.0 through 2024.Q3.1 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay versions 7.4 update 73 through...

PT-2025-37067

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.45 through 7.4.3.128 Liferay DXP versions 2024 Q1.1 through 2024.Q1.12 Liferay DXP versions 2024 Q2.0 through 2024.Q2.9 Liferay versions 7.4 update 45 through update 92 Description: A stored cross-site scripting...

Linux Distros Unpatched Vulnerability : CVE-2020-9440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME...

Linux Distros Unpatched Vulnerability : CVE-2017-15430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via ...

GHSA-X5FW-8XGX-Q6C9 Liferay Portal is vulnerable to XSS attack through its search bar portlet

A reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar...

CVE-2025-43781

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portl...

MAL-2025-191709 Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

PT-2025-36909

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.128 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.12 Liferay DXP versions 2024.Q3.0 through 2024.Q3.5 Description: A stored cross-site scripting XS...

Linux Distros Unpatched Vulnerability : CVE-2014-4165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to...

Linux Distros Unpatched Vulnerability : CVE-2012-4451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via...