159 matches found
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details Cross-sit...
GHSA-2856-XF2F-6VRF Liferay Portal vulnerable to cross-site scripting in the related asset selector
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
PT-2025-40036
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43820
Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...
CVE-2025-43820
Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43811
Summary (validated): CVE-2025-43811 describes stored XSS in Liferay Portal/DXP via the related asset selector, allowing remote authenticated users to inject scripts by crafting payloads into the asset author’s First/Middle/Last Name fields. Affected products include Liferay Portal 7.4.3.50–7.4.3....
CVE-2025-43811
Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...
CVE-2025-43820
Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...
CVE-2025-43820
A validated XSS vulnerability in the Liferay Calendar widget allows remote attackers to inject arbitrary scripts via crafted input in the user’s First Name, Middle text, or Last Name fields. Affected are Liferay Portal 7.4.3.35–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.4, plus 7.3 Update 25–35 ...
PT-2025-39908
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.110 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay DXP versions 2023.Q3.1 through 2023.Q3.6 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...
CVE-2025-8440
The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-39704
Name of the Vulnerable Software and Affected Versions Team Members plugin for WordPress versions up to and including 5.3.5 Description The Team Members plugin for WordPress is susceptible to Stored Cross-Site Scripting through the first and last name fields. Insufficient input sanitization and...
VulnCheck KEV: CVE-2024-21650
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
Exploit for CVE-2025-55287
CVE-2025-55287-POC Authenticated Stored Cross-Site Scripting...
CVE-2024-3868
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...