Lucene search
+L

25 matches found

Snyk
Snyk
added 2025/10/08 3:32 p.m.4 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.asset.publisher.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or t...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-15697

Malware in sbrugna...

6.1CVSS6.2AI score0.00746EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25220

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00166EPSS
Exploits0References5
Veracode
Veracode
added 2025/09/10 10:3 a.m.6 views

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Stored DOM-based Cross-Site Scripting XSS. The vulnerability is due to improper handling of DDM structure field labels in the Asset Publisher configuration UI within the Source.js module, where values are inserted into the DOM using innerHTM...

5.4CVSS6.2AI score0.00166EPSS
Exploits0References6Affected Software3
RedhatCVE
RedhatCVE
added 2025/08/21 8:36 p.m.5 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS5.8AI score0.00166EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/19 9:30 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/19 9:30 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/19 9:30 p.m.10 views

Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.4CVSS5.7AI score0.00166EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/08/19 9:30 p.m.4 views

GHSA-M49P-6CJP-X2H3 Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS5.7AI score0.00166EPSS
Exploits0References6
NVD
NVD
added 2025/08/19 8:15 p.m.8 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.4CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/08/19 8:15 p.m.4 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.4CVSS5.9AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/19 7:34 p.m.2 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS5.7AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 7:34 p.m.9 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2025/08/19 7:34 p.m.21 views

CVE-2025-43744

A stored, DOM-based XSS in Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2024–2025 (various Qx updates) via the Asset Publisher UI in Source.js, allowing JavaScript injection through DDM structure field labels inserted into the DOM via innerHTML without proper encoding. Impact is client-side XSS...

5.4CVSS5.7AI score0.00166EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.9 views

PT-2025-33857 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

5.1CVSS5.5AI score0.00166EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.8 views

CVE-2021-29051

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/24 7:9 p.m.6 views

com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)

com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...

4.3CVSS5.8AI score0.01195EPSS
Exploits0
OSV
OSV
added 2022/05/24 7:2 p.m.5 views

GHSA-JVVX-8G42-9559 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS6.2AI score0.00746EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 7:2 p.m.9 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00746EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.39 views

Liferay Portal 7.2.x < 7.3.6 XSS

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.0 through 7.3.5 allows remote attackers to inject arbitrary web script or HTML via the comliferayassetpublisherwebportletAssetPublisherPortletINSTANCEXXXXXXXXXXXXassetEntryId parameter. Note tha...

6.1CVSS6.3AI score0.00746EPSS
Exploits0References2
Rows per page
Query Builder