9 matches found

Veracode
added 2025/09/11 7:18 a.m. | 1 views

Cross-Site Scripting (XSS)

com.liferay, com.liferay.layout.type.controller.display.page is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of user input in friendly URLs, which allows a remote unauthenticated attacker to inject malicious JavaScript into web content and...

CVSS 6.9 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2025/08/20 12:31 p.m. | 7 views

Liferay Portal Vulnerable to Cross-Site Scripting through URLs

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...

CVSS 6.9 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/08/20 12:15 p.m. | 2 views

CVE-2025-43742

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...

CVSS 6.9 | EPSS 0.0005
Exploits: 0 | References: 1

OSV
added 2025/08/20 12:15 p.m. | 4 views

CVE-2025-43742

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...

CVSS 6.1 | AI score 5.7 | EPSS 0.0005
Exploits: 0 | References: 1

Cvelist
added 2025/08/20 11:35 a.m. | 4 views

CVE-2025-43742

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows ...

CVSS 6.9 | EPSS 0.0005
Exploits: 0 | References: 1

Cvelist
added 2022/11/15 12:0 a.m. | 19 views

CVE-2022-42127

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page...

AI score 5.5 | EPSS 0.00186
Exploits: 0 | References: 3

securityvulns
added 2010/12/28 12:0 a.m. | 22497 views

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3

I understand that this is a vain hope that bugtraq will start posting something useful. Author: Michael Brooks (Rook). Application: OpenClassifieds 1.7.0.3. Download: http://open-classifieds.com/download/ Exploit chain: captcha bypass -> sqli (insert) -> persistent xss on front page. If registration is...

AI score 8.1
Exploits: 0

myhack58
added 2009/12/12 12:0 a.m. | 33 views

About the 2 latest IPB vulnerabilities - Vulnerability warning - the black bar safety net

5up3rh3i's blog. Vulnerability Bulletin 1. Local include vulnerability: mainly caused by incomplete filtering of the URL parameters that IPB extracts in its own friendly URLs implementation, or by over-reliance on the IPSLib::cleanGlobals filter, and simply ignores the parameter...

AI score 1
Exploits: 0

exploitpack
added 2009/10/28 12:0 a.m. | 27 views

Oscailt CMS 3.3 - Local File Inclusion

Oscailt CMS 3.3 - Local File Inclusion. Oscailt 3.3 CMS. Download: http://sourceforge.net/projects/oscailt/ Bug: Local File Inclusion in index.php file! Author: [email protected] Team: Fatal Error. PoC: http://www.site.com/index.php?objid=/../../../../../../../../../../proc/self/environ%...

AI score 7.4
Exploits: 0