Lucene search
K

8 matches found

Veracode
Veracode
added 2025/09/05 9:32 a.m.5 views

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...

5.4CVSS6.7AI score0.00196EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/20 12:19 p.m.17 views

CVE-2025-43733

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS5.7AI score0.00196EPSS
Exploits0References1
OSV
OSV
added 2025/08/18 3:30 p.m.5 views

GHSA-VHCR-HGC8-29QR Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS5.6AI score0.00196EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/18 3:30 p.m.8 views

Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/18 1:15 p.m.5 views

CVE-2025-43733

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

5.4CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/18 12:6 p.m.8 views

CVE-2025-43733

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/18 12:6 p.m.3 views

CVE-2025-43733

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS5.7AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2025/08/18 12:6 p.m.19 views

CVE-2025-43733

CVE-2025-43733 affects Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.7. The issue is a reflected cross-site scripting (XSS) vulnerability: an authenticated remote attacker can inject JavaScript via the content page’s name field, with the payload reflected and executed when users view...

5.4CVSS5.7AI score0.00196EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder