Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Veracode
Veracodeadded 2025/09/15 8:1 a.m.4 views

Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the embedded message field in the form container, which allows an attacker to inject and execute arbitrary JavaScript in a victim’s browser...

2.1CVSS6.6AI score0.00189EPSS
Exploits0References8Affected Software1
Snyk
Snykadded 2025/08/22 12:30 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getSuccessMessage field in the embedded message form container. An attacker can execute arbitrary JavaScript in the context of the affected application by submitting crafted input to this field. Details...

5.4CVSS5.5AI score0.00189EPSS
Exploits0References2
OSV
OSVadded 2025/08/22 12:30 a.m.4 views

GHSA-R367-Q549-PGR5 Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update ...

2.1CVSS5.6AI score0.00189EPSS
Exploits0References9
CVE
CVEadded 2025/08/21 10:23 p.m.16 views

CVE-2025-43753

The CVE-2025-43753 entry describes a reflected XSS in Liferay products where a remote authenticated user can inject JavaScript into the embedded message field from the form container. Affected products include: Liferay Portal 7.4.3.32–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.7 , plus older qua...

5.4CVSS5.7AI score0.00189EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichmentadded 2025/08/21 10:23 p.m.2 views

CVE-2025-43753

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update ...

2.1CVSS5.7AI score0.00189EPSS
Exploits0References1
Kitploit
Kitploitadded 2018/02/27 9:4 p.m.40 views

Protobuf-Inspector - Tool To Reverse-Engineer Protocol Buffers With Unknown Definition

Simple program that can parse Google Protobuf encoded blobs version 2 or 3 without knowing their accompanying definition. It will print a nice, colored representation of their contents. Example: As you can see, the field names are obviously lost, together with some high-level details such as:...

6.8AI score
Exploits0References2
Rows per page
Query Builder