13 matches found
EUVD-2025-31648
Malicious code in bioql PyPI...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
GHSA-2856-XF2F-6VRF Liferay Portal vulnerable to cross-site scripting in the related asset selector
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
Liferay Portal vulnerable to cross-site scripting in the related asset selector
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details Cross-sit...
PT-2025-40036
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Summary (validated): CVE-2025-43811 describes stored XSS in Liferay Portal/DXP via the related asset selector, allowing remote authenticated users to inject scripts by crafting payloads into the asset author’s First/Middle/Last Name fields. Affected products include Liferay Portal 7.4.3.50–7.4.3....
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-39906
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.50 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.7 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay DXP 7.4 update 50 through update 92 Description The software contains multiple stored...