Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field

Cross-site Scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

CVE-2025-43829

CVE-2025-43829 is a stored XSS vulnerability in Liferay Commerce diagram logic. A crafted SVG file can inject script/HTML, affecting Liferay Portal 7.4.3.18–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q4.5 (including 2023.Q3.8 and 7.4 update 18–92). The issue originates from the diagram web componen...

CVE-2025-60298

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and...

CVE-2025-60298

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and...

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVE-2025-43821

Cross-site scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

PT-2025-41253

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description A cross-site scripting XSS issue exists in the Commerce Product Comparison Table...

PT-2025-41263

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.102 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Description The Notifications widget contains multiple cross-site scripting XSS issues. Thes...

CVE-2025-61999 OPEXUS FOIAXpress stored XSS via logo image

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...

EUVD-2015-5447

Malware in sbrugna...

EUVD-2013-2906

Malware in sbrugna...

EUVD-2006-2989

Malware in sbrugna...

EUVD-2013-4934

Malware in sbrugna...

EUVD-2012-5813

Malware in sbrugna...

EUVD-2010-4096

Malware in sbrugna...

EUVD-2006-2244

Malware in sbrugna...

EUVD-2009-2312

Malware in sbrugna...

EUVD-2008-4576

Malware in sbrugna...

EUVD-2016-0912

Malware in sbrugna...