5 matches found
EUVD-2025-27611
Malicious code in bioql PyPI...
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path
A reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML...
GHSA-JHGR-J9CJ-8J62 Liferay Portal is vulnerable to Reflected XSS attack through get_editor path
A reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML...
CVE-2025-43783
Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2025-43783
Reflected XSS in Liferay Portal and Liferay DXP due to insufficient input sanitization in the /c/portal/comment/discussion/get_editor endpoint. Affected: Portal 7.4.3.73–7.4.3.128 and DXP 2024.Q3.0–2024.Q3.1, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.12, and 7.4 update 73–92. Impact: remote attacke...