9 matches found
Liferay Portal 7.4.3.8 < 7.4.3.112 XSS
Reflected cross-site scripting XSS vulnerability in Language Override in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter. Note that Nessus has not tested for this issue b...
CVE-2025-62264
Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectedLanguageId parameter. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input to this parameter. Details Cross-site scripting or XSS is a code vulnerability that...
GHSA-2J97-4JMQ-C4XF Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2025-62264
Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2025-62264
Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2025-62264
Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...
PT-2025-44660
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.8 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Description A reflected cross-site scripting XSS issue exists in the Language Override...
NodAPS 4.0 - SQL injection Cross-Site Request Forgery
NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...