EUVD-2025-29263

Malicious code in bioql PyPI...

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the externalReferenceCode parameter in the /o/c/ API endpoint. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input. Details Cross-site scripting or XSS is a code...

Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

GHSA-VG6H-G5MR-9HGV Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

CVE-2025-43802

CVE-2025-43802 is a stored XSS vulnerability in Liferay Portal/DXP where an attacker can inject arbitrary script via the externalReferenceCode parameter on the /o/c/ API. Affected: Liferay Portal 7.4.3.51–7.4.3.109 and Liferay DXP 2023.Q3.1–2023.Q3.4, plus older 7.4/7.3 updates listed in the inta...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-37774

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.51 through 7.4.3.109 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 update 51 through update 92 Liferay DXP 7.3 update 33 through update 35 Description: A stored cross-site scripting XSS...

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...