Lucene search
K

23 matches found

OSV
OSV
added 2025/10/31 9:31 p.m.7 views

GHSA-Q285-WFPG-93HR Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/31 9:31 p.m.7 views

Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.10 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2015-0233

Malware in sbrugna...

4.3CVSS6.4AI score0.00961EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/30 10:46 p.m.4 views

CVE-2025-43812

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/30 12:30 a.m.3 views

GHSA-JV8X-MM3V-75R7 Liferay Portal vulnerable to cross-site scripting in the web content template

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.8AI score0.00197EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.7 views

Liferay Portal vulnerable to cross-site scripting in the web content template

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2025/09/29 11:15 p.m.7 views

CVE-2025-43812

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

5.4CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 10:9 p.m.9 views

CVE-2025-43812

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 10:9 p.m.2 views

CVE-2025-43812

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.4AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.8 views

PT-2025-39907

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.4 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Description A cross-site scripting XSS issue exists in the web content template functionality...

4.8CVSS5.8AI score0.00197EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/11/25 11:19 p.m.4 views

WordPress Jeg Elementor Kit plugin <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via sgcontenttemplate vulnerability discovered by Ankit Patel in WordPress Plugin Jeg Elementor Kit versions = 2.6.9...

4.3CVSS7AI score0.004EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/03/18 12:51 p.m.19 views

Incorrect Default Permissions

Liferay Portal is vulnerable to Incorrect Default Permissions. This vulnerability is due to insufficient access control mechanisms for guest users. The guest users can view any web content template by default. An attackers can exploit this to view any template via the UI or API...

5.3CVSS6.8AI score0.00481EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2022/04/25 3:41 p.m.29 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.1CVSS5.9AI score0.00674EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/04/25 3:41 p.m.26 views

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.2AI score0.00674EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.6 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

6.1CVSS6.2AI score0.00674EPSS
Exploits0References3
CNVD
CNVD
added 2015/10/10 12:0 a.m.2 views

IBM Content Template Catalog for WebSphere Portal Cross-Site Scripting Vulnerability

IBM Content Template Catalog for WebSphere Portal is a set of Web site construction templates designed by the U.S. company IBM for the WebSphere Portal environment. A cross-site scripting vulnerability exists in IBM Content Template Catalog for WebSphere Portal. A remote attacker can exploit this...

4.3CVSS5.8AI score0.00961EPSS
Exploits0References1
Prion
Prion
added 2015/10/03 10:59 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.9AI score0.00961EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/10/03 10:0 p.m.18 views

CVE-2015-0195

Cross-site scripting XSS vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

5.5AI score0.00961EPSS
Exploits0References1
CVE
CVE
added 2015/10/03 10:0 p.m.38 views

CVE-2015-0195

CVE-2015-0195 details an XSS vulnerability in IBM Content Template Catalog for WebSphere Portal. Affected: IBM Content Template Catalog 4.x before 4.1.4 on WebSphere Portal 8.0.x and 4.x before 4.3.1 on WebSphere Portal 8.5.x. Attack vector: remote attacker can inject arbitrary script via a craft...

4.3CVSS5.7AI score0.00961EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder