38 matches found
EUVD-2021-24727
Malware in sbrugna...
EUVD-2025-23557
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
com.liferay:com.liferay.captcha.impl are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper captcha validation which allows attackers to bypass verification and execute scripts in the Gogo shell...
Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities
The version of Liferay Portal installed on the remote host is 7.4.x = 7.4.3.132. It is, therefore, affected by multiple vulnerabilities: - A reflected cross-site scripting XSS vulnerability in the Liferay Portal allows an remote non-authenticated attacker to inject JavaScript into the...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
GHSA-3J6H-5V68-HVQG Liferay Portal CAPTCHA Bypass for Gogo Shell
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Captcha process. An attacker can execute arbitrary scripts by bypassing the CAPTCHA check in the Gogo shell. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
Liferay Portal CAPTCHA Bypass for Gogo Shell
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
CVE-2025-4604 affects Liferay Portal 7.4.3.80 through 7.4.3.132 and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92. The vulnerability allows bypassi...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB and JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. Liferay Portal suffers from a cross-site scripti...
PT-2025-31872
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.80 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
CVE-2021-38269
Cross-site scripting XSS vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell...
BIT-LIFERAY-2021-38269
Cross-site scripting XSS vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell...
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting XSS vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output o...
GHSA-VW6G-GH6C-8QWP Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting XSS vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output o...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2022-19499)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...