4 matches found
CVE-2025-62246
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the first, middle, or last name fields. An attacker can execute arbitrary web scripts in the context of another user by injecting crafted payloads into these fields, which are then rendered in various widget...
GHSA-MJ68-2XR5-28XH Liferay Mentions Web is Vulnerable to Cross-site Scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
EUVD-2025-34083
Liferay Mentions Web is Vulnerable to Cross-site Scripting...