3 matches found
Liferay Portal CE 7.4.3.82 < 7.4.3.129 XSS
The detected install of Liferay Portal CE is affected by a cross-site scripting XSS vulnerability in the Frontend JS module's layout-taglib/liferay/index.js that allows remote attackers to inject arbitrary web script or HTML via toastData parameter Note that Nessus has not tested for this issue b...
CVE-2025-2536
Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...
CVE-2025-2536
CVE-2025-2536 is an XSS vulnerability affecting Liferay Portal 7.4.3.82–7.4.3.128 and Liferay DXP releases up to 2024.Q3.0 (plus 2024.Q2.x, 2024.Q1.x, 2023 Q3/Q4 series). The issue resides in the Frontend JS module layout-taglib/liferay /index.js, where the toastData parameter can be used to inje...