2 matches found
CVE-2025-43826
The CVE-2025-43826 entry describes a Stored XSS in Liferay Portal/DXP Web Content Translation via rich text fields. Affected: Liferay Portal 7.4.0–7.4.3.112 and older, Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–2023.Q3.10, and 7.4 GA up to update 92 (all older unsupported versions). Root cause: i...
CVE-2022-38902
A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...