EUVD-2021-29306

Malicious code in bioql PyPI...

EUVD-2025-25148

Malicious code in bioql PyPI...

EUVD-2025-25174

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to the message boards feature allowing remote authenticated attackers to inject malicious JavaScript via the web interface...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation due to message board threads and categories allowing remote authenticated users to inject malicious JavaScript...

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-43731

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows ...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

GHSA-22JP-W3CG-GVMM Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-43740

CVE-2025-43740 is a stored XSS vulnerability in Liferay Portal and Liferay DXP. Affected: Liferay Portal 7.4.3.120–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.8 (also Q4/Q3/Q2/Q1 2024). The issue allows a remote authenticated attacker to inject JavaScript via the web interface’s message boards feature...

PT-2025-33726 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.120 through 7.4.3.132 Liferay DXP versions 2025.Q2.0 through 2025.Q2.8 Liferay DXP versions 2025.Q1.0 through 2025.Q1.15 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through...

GHSA-3P2M-574V-V257 Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows ...