26 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-31654

Malicious code in bioql PyPI...

5.1 CVSS, 6.4 AI score, 0.00033 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/09/30 9:31 p.m., 4 views

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

5.1 CVSS, 5.7 AI score, 0.00033 EPSS
Exploits 0, References 1

Github Security Blog
added 2025/09/30 12:30 a.m., 7 views

Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

6.1 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits 0, References 5, Affected Software 1

Positive Technologies
added 2025/09/30 12:0 a.m., 4 views

PT-2025-40052

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the com_liferay_layout_admin_web_portlet...

5.1 CVSS, 5.7 AI score, 0.00033 EPSS
Exploits 0, References 6

OSV
added 2025/09/29 10:15 p.m., 4 views

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

6.1 CVSS, 5.6 AI score, 0.00033 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/09/29 9:19 p.m., 1 view

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

5.1 CVSS, 5.3 AI score, 0.00033 EPSS
Exploits 0, References 1

CVE
added 2025/09/29 9:19 p.m., 13 views

CVE-2025-43815

CVE-2025-43815 is a reflected XSS in Liferay Portal 7.4.3.102–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.2 (and 2023.Q3.5) exploitable via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter on the page configuration page. The issue allows an attacker to inject arbi...

6.1 CVSS, 5.3 AI score, 0.00033 EPSS
Exploits 0, References 1, Affected Software 2

CNNVD
added 2025/09/29 12:0 a.m., 2 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits 0, References 1

Github Security Blog
added 2025/08/19 9:30 p.m., 8 views

Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...

5.4 CVSS, 5.7 AI score, 0.00044 EPSS
Exploits 0, References 5, Affected Software 1

Cvelist
added 2025/08/19 6:13 p.m., 8 views

CVE-2025-43737

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...

5.1 CVSS, 0.00044 EPSS
Exploits 0, References 1

Snyk
added 2024/10/22 6:32 p.m., 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the getExcludedPathsJSONArray function, which is populated by the p_l_back_url parameter in the content page editor. An attacker can perform administrative actions, execute arbitrary code, and alter user...

8.8 CVSS, 7.4 AI score, 0.03261 EPSS
Exploits 0, References 2

Snyk
added 2024/10/22 6:32 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the render function used by the My Account widget. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a link including a...

8.8 CVSS, 7.4 AI score, 0.01137 EPSS
Exploits 0, References 2

CNNVD
added 2023/11/17 12:0 a.m., 2 views

Liferay Portal Security Vulnerability

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...

9.6 CVSS, 5.9 AI score, 0.00147 EPSS
Exploits 0, References 2

Positive Technologies
added 2023/11/17 12:0 a.m., 2 views

PT-2023-30614 · Liferay · Liferay Portal

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.94 through 7.4.3.95. Description: A reflected cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the p_l_back_url_title parameter on a content page's edit page...

9.6 CVSS, 6.2 AI score, 0.00147 EPSS
Exploits 0, References 6

Github Security Blog
added 2023/06/15 6:30 a.m., 3 views

Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the...

8.8 CVSS, 8.8 AI score, 0.01433 EPSS
Exploits 0, References 3, Affected Software 2

Snyk
added 2023/06/15 6:30 a.m., 1 view

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter in the SEO configuration of the Layout module. An attacker can cause users to be redirected to arbitrary external URLs by tricking them into clickin...

6.1 CVSS, 7 AI score, 0.00403 EPSS
Exploits 0, References 2

CNNVD
added 2022/10/31 12:0 a.m., 2 views

Forma Learning Management System Cross-Site Scripting Vulnerability

Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...

6.1 CVSS, 6.5 AI score, 0.00185 EPSS
Exploits 0, References 2

Positive Technologies
added 2021/04/06 12:0 a.m., 2 views

PT-2021-4608 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.0.7 Redmine versions 4.1.x prior to 4.1.1 Description: The issue is related to a lack of protection for the web page structure, allowing a remote attacker to impact data integrity. The problem can be exploited via...

9.8 CVSS, 6.1 AI score, 0.0079 EPSS
Exploits 0, References 39

CNNVD
added 2021/04/06 12:0 a.m., 3 views

Redmine Cross-Site Scripting Vulnerability

Redmine is an open source, web-based project management and defect tracking tool. A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via the backurl field to conduct a cross-site scripting attack...

6.1 CVSS, 5.2 AI score, 0.00339 EPSS
Exploits 0, References 3

OSV
added 2019/04/09 9:29 p.m., 1 view

CVE-2018-1356

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the backurl parameter in the file scan component...

6.1 CVSS, 5.9 AI score
Exploits 0, References 2