8 matches found
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...
CVE-2025-43733
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...
Liferay Portal Vulnerable to Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...
GHSA-VHCR-HGC8-29QR Liferay Portal Vulnerable to Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...
CVE-2025-43733
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...
CVE-2025-43733
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...
CVE-2025-43733
CVE-2025-43733 affects Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0β2025.Q1.7. The issue is a reflected cross-site scripting (XSS) vulnerability: an authenticated remote attacker can inject JavaScript via the content pageβs name field, with the payload reflected and executed when users view...
CVE-2025-43733
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...