Lucene search
K

159 matches found

RedhatCVE
RedhatCVE
added 2025/09/30 10:46 p.m.9 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/30 12:30 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details Cross-sit...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2025/09/30 12:30 a.m.7 views

GHSA-2856-XF2F-6VRF Liferay Portal vulnerable to cross-site scripting in the related asset selector

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

4.8CVSS5.5AI score0.00205EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.7 views

PT-2025-40036

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References6
OSV
OSV
added 2025/09/29 10:15 p.m.7 views

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2025/09/29 10:15 p.m.8 views

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

5.4CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/29 10:15 p.m.6 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/09/29 10:15 p.m.7 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

5.4CVSS0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 9:59 p.m.3 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

4.8CVSS5AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 9:59 p.m.15 views

CVE-2025-43811

Summary (validated): CVE-2025-43811 describes stored XSS in Liferay Portal/DXP via the related asset selector, allowing remote authenticated users to inject scripts by crafting payloads into the asset author’s First/Middle/Last Name fields. Affected products include Liferay Portal 7.4.3.50–7.4.3....

5.4CVSS5AI score0.00205EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/09/29 9:59 p.m.10 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

4.8CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 9:48 p.m.8 views

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 9:48 p.m.18 views

CVE-2025-43820

A validated XSS vulnerability in the Liferay Calendar widget allows remote attackers to inject arbitrary scripts via crafted input in the user’s First Name, Middle text, or Last Name fields. Affected are Liferay Portal 7.4.3.35–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.4, plus 7.3 Update 25–35 ...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.6 views

PT-2025-39908

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.110 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay DXP versions 2023.Q3.1 through 2023.Q3.6 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...

4.8CVSS6AI score0.00197EPSS
Exploits0References7
NVD
NVD
added 2025/09/27 2:15 a.m.6 views

CVE-2025-8440

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/27 12:0 a.m.5 views

PT-2025-39704

Name of the Vulnerable Software and Affected Versions Team Members plugin for WordPress versions up to and including 5.3.5 Description The Team Members plugin for WordPress is susceptible to Stored Cross-Site Scripting through the first and last name fields. Insufficient input sanitization and...

6.4CVSS5.2AI score0.00222EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2025/09/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...

10CVSS6.7AI score0.9348EPSS
In wildExploits1References2
GithubExploit
GithubExploit
added 2025/08/21 6:6 p.m.353 views

Exploit for CVE-2025-55287

CVE-2025-55287-POC Authenticated Stored Cross-Site Scripting...

8CVSS6.3AI score0.00298EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.5 views

CVE-2024-3868

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

5.4CVSS6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:11 p.m.19 views

CVE-2021-36739

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...

6.1CVSS5.9AI score0.02327EPSS
Exploits0
Rows per page
Query Builder