Lucene search
K

282 matches found

RedhatCVE
RedhatCVE
added 2025/09/17 7:52 p.m.10 views

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8CVSS5.9AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/17 6:45 p.m.5 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS5.9AI score0.00199EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/15 9:30 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via a "Rich Text" field in an object. An attacker can execute arbitrary web scripts or inject HTML by submitting a crafted payload. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

6.1CVSS5.3AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2025/09/15 9:30 p.m.6 views

GHSA-JFV5-R382-XVWH Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8CVSS6AI score0.00207EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.7 views

Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

6.1CVSS6AI score0.00207EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/15 7:15 p.m.7 views

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

6.1CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 7:7 p.m.8 views

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 7:7 p.m.2 views

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2025/09/15 7:7 p.m.19 views

CVE-2025-43800

CVE-2025-43800 affects Liferay Portal/ Liferay DXP where a vulnerability in Rich Text fields of Objects allows remote attackers to inject arbitrary scripts via crafted payloads. Affected: Liferay Portal 7.4.3.20–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA through update 9...

6.1CVSS5.5AI score0.00207EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/09/15 6:31 p.m.3 views

GHSA-5C6V-FQCW-W6Q5 Liferay Portal vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS6AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2025/09/15 6:15 p.m.3 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 6:15 p.m.4 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS5.8AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 6:8 p.m.9 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 6:8 p.m.2 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS5.5AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.2 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/11 5:29 p.m.4 views

CVE-2025-58989

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 dynamic-text-field-for-contact-form-7 allows Stored XSS.This issue affects Dynamic Text Field For Contact Form 7: from n/a through = 1.0...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 5:16 p.m.7 views

CVE-2025-58989

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 dynamic-text-field-for-contact-form-7 allows Stored XSS.This issue affects Dynamic Text Field For Contact Form 7: from n/a through = 1.0...

6.5CVSS0.00154EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/09 5:7 p.m.4 views

WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Dynamic Text Field For Contact Form 7 versions = 1.0...

6.5CVSS6AI score0.00154EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/09/09 4:33 p.m.11 views

CVE-2025-58989 WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 dynamic-text-field-for-contact-form-7 allows Stored XSS.This issue affects Dynamic Text Field For Contact Form 7: from n/a through = 1.0...

6.5CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 4:33 p.m.3 views

CVE-2025-58989 WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0...

6.5CVSS5.4AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder