CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

Veracode•added 2025/10/22 7:10 a.m.•5 views

Stored Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the remote app title field, which allows an attacker to inject arbitrary web scripts or HTML content that can be executed in a user’s browser...

5.4CVSS5.7AI score0.00041EPSS

Exploits0References5Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-27411

Malicious code in bioql PyPI...

4.6CVSS6.4AI score0.00041EPSS

Exploits0References4

RedhatCVE•added 2025/09/11 6:25 p.m.•4 views

CVE-2025-43775

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote...

4.6CVSS5.5AI score0.00041EPSS

Exploits0References1

Github Security Blog•added 2025/09/09 9:30 p.m.•6 views

Liferay Portal is vulnerable to XSS attacks via its remote app title field

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remot...

5.4CVSS5.4AI score0.00041EPSS

Exploits0References5Affected Software1

Snyk•added 2025/09/09 9:30 p.m.•1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the remote app title field. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input to this field. Details Cross-site scripting or XSS is a code vulnerability that...

5.4CVSS5.3AI score0.00041EPSS

Exploits0References2

OSV•added 2025/09/09 9:30 p.m.•2 views

GHSA-88G3-PV3W-5WMR Liferay Portal is vulnerable to XSS attacks via its remote app title field

4.6CVSS5.3AI score0.00041EPSS

Exploits0References5

NVD•added 2025/09/09 7:15 p.m.•2 views

CVE-2025-43775

5.4CVSS0.00041EPSS

Exploits0References1

OSV•added 2025/09/09 7:15 p.m.•5 views

CVE-2025-43775

5.4CVSS5.4AI score0.00041EPSS

Exploits0References1

Vulnrichment•added 2025/09/09 6:12 p.m.•1 views

CVE-2025-43775

4.6CVSS5.1AI score0.00041EPSS

Exploits0References1

Cvelist•added 2025/09/09 6:12 p.m.•5 views

CVE-2025-43775

4.6CVSS0.00041EPSS

Exploits0References1

CVE•added 2025/09/09 6:12 p.m.•11 views

CVE-2025-43775

CVE-2025-43775 is a stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0–7.4.3.128 and Liferay DXP 2024.Q1.1–Q3.5, 2024.Q2.0–Q2.12, 2024.Q3.0–Q3.5, and 7.4 GA through update 92. The issue allows remote attackers to inject arbitrary web script or HTML via the remote app title fi...

5.4CVSS5.1AI score0.00041EPSS

Exploits0References1Affected Software2

Positive Technologies•added 2025/09/09 12:0 a.m.•5 views

PT-2025-36909

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.128 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.12 Liferay DXP versions 2024.Q3.0 through 2024.Q3.5 Description: A stored cross-site scripting XS...

5.4CVSS5.2AI score0.00041EPSS

Exploits0References9