12 matches found
EUVD-2025-25725
Malicious code in bioql PyPI...
Stored Cross-site Scripting (XSS)
com.liferay, com.liferay.plugins.admin.web is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the components tab, which allows an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser...
CVE-2025-43769
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the components tab. An attacker can execute arbitrary web script or HTML by injecting malicious content that is rendered in the user's browser. Details Cross-site scripting or XSS is a code vulnerability tha...
Liferay Portal vulnerable to Stored XSS in Components portlet
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
GHSA-RVMF-JW8G-R35R Liferay Portal vulnerable to Stored XSS in Components portlet
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
CVE-2025-43769
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
CVE-2025-43769
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
CVE-2025-43769
CVE-2025-43769 describes a stored XSS in the Components portlet of Liferay Portal (7.4.0–7.4.3.131) and Liferay DXP (2024.Q3.1–2024.Q3.8, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.12, and 7.4 GA up to update 92). The vulnerability allows remote attackers to execute arbitrary web script or HTML via ...
CVE-2025-43769
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
CVE-2025-43769
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...
PT-2025-34503 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.8 Description: A stored cross-site scripting XS...