Lucene search
+L

15 matches found

OSV
OSV
added 2024/02/07 3:30 p.m.64 views

GHSA-9VGQ-W5PV-V77Q Liferay Portal stored cross-site scripting (XSS) vulnerability

Stored cross-site scripting XSS vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...

9.6CVSS6.2AI score0.00563EPSS
Exploits0References3
NVD
NVD
added 2024/02/07 3:15 p.m.50 views

CVE-2024-25145

Stored cross-site scripting XSS vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...

9.6CVSS7.5AI score0.00563EPSS
Exploits0References1
OSV
OSV
added 2024/02/07 3:15 p.m.37 views

CVE-2024-25145

Stored cross-site scripting XSS vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...

5.4CVSS5.2AI score0.00563EPSS
Exploits0References1
CVE
CVE
added 2024/02/07 2:57 p.m.84 views

CVE-2024-25145

CVE-2024-25145 describes a stored cross-site scripting (XSS) vulnerability in the Portal Search module’s Search Result app of Liferay Portal 7.2.0–7.4.3.11, and older unsupported versions, plus certain Liferay DXP builds. The issue allows remote authenticated users to inject arbitrary script/HTML...

9.6CVSS5AI score0.00563EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2022/11/15 12:0 p.m.5 views

GHSA-MR77-4PM4-X9VM Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting XSS vulnerability in the Portal Search module before 6.0.12 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag...

6.1CVSS6.2AI score0.00897EPSS
Exploits0References6
NVD
NVD
added 2022/11/15 1:15 a.m.31 views

CVE-2022-42118

A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.1CVSS0.00897EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 12:0 a.m.23 views

CVE-2022-42118

A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter...

6.1CVSS5.9AI score0.00897EPSS
Exploits0References4
OSV
OSV
added 2022/10/19 12:0 p.m.4 views

GHSA-7F7G-VHFF-MJQJ Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget before 6.0.45 from Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via...

5.4CVSS5.2AI score0.00479EPSS
Exploits0References7
NVD
NVD
added 2022/10/18 9:15 p.m.17 views

CVE-2022-42112

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS0.00479EPSS
Exploits0References1
Prion
Prion
added 2022/10/18 9:15 p.m.23 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

4.9CVSS5.3AI score0.00479EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.2 views

PT-2022-26257 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.24 Liferay DXP 7.2 before fix pack 19 Liferay DXP 7.3 before update 5 Liferay DXP 7.4 before update 25 Description: A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget...

5.4CVSS5.3AI score0.00479EPSS
Exploits0References12
OSV
OSV
added 2022/10/18 12:0 a.m.19 views

CVE-2022-42112

A Cross-site scripting XSS vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS5.8AI score0.00479EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.6 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module

In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...

6.1CVSS5.9AI score0.00391EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/09/23 12:0 a.m.5 views

GHSA-7R3W-WGGM-PJWF Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module

In Search Web before v6.0.19 in Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerabili...

6.1CVSS5.9AI score0.00391EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/09/21 11:22 p.m.28 views

CVE-2022-28979

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...

6.1AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder