Lucene search
+L

368 matches found

ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54521

Name of the Vulnerable Software and Affected Versions Plone versions 7.0.0 through 7.0.1 Plone versions 6.0.0 through 6.0.3 Plone versions 5.0.0 through 5.0.7 Description A critical remote code execution RCE flaw allows TALES injection via the Classic portlet. TALES is a templating language used ...

6.6AI score
Exploits0References3
attackerkb
attackerkb
added 2026/05/27 7:55 a.m.6 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/02/02 10:58 p.m.1 views

CVE-2025-6596 Vector inserts portlet labels as HTML, allowing for stored XSS through system messages

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

5.3AI score0.00386EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/02 10:58 p.m.34 views

CVE-2025-6596 Vector inserts portlet labels as HTML, allowing for stored XSS through system messages

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

0.00386EPSS
Exploits0References1
cve
cve
added 2026/02/02 10:58 p.m.39 views

CVE-2025-6596

CVE-2025-6596 affects Wikimedia Foundation Vector (MediaWiki skin). The issue is an XSS vulnerability in Vector’s portlets.Js files (resources/skins.Vector.Js/portlets.Js and resources/skins.Vector.Legacy.Js/portlets.Js) that affects Vector versions 1.40.0 and later, up to but not including 1.42....

5.3AI score0.00386EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33332

Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.9AI score0.00845EPSS
Exploits0References1
veracode
veracode
added 2025/12/04 6:12 a.m.7 views

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...

5.3CVSS6.7AI score0.00254EPSS
Exploits0References5Affected Software1
veracode
veracode
added 2025/11/18 1:16 p.m.6 views

Reflected Cross-site Scripting (XSS)

com.liferay, com.liferay.product.navigation.control.menu.web is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletbackURLTitle parameter, which allows an attacker to inject arbitrary web script ...

6.1CVSS6.1AI score0.00224EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2025/10/28 7:53 p.m.5 views

CVE-2025-62253

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS7.1AI score0.00228EPSS
Exploits0References1
euvd
euvd
added 2025/10/27 9:30 p.m.5 views

EUVD-2025-36353

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS6.5AI score0.00228EPSS
Exploits0References2
osv
osv
added 2025/10/27 9:30 p.m.5 views

GHSA-2PWH-9Q9Q-5R9C Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS7.1AI score0.00228EPSS
Exploits0References5
github
github
added 2025/10/27 9:30 p.m.12 views

Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS7.1AI score0.00228EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2025/10/27 7:16 p.m.5 views

CVE-2025-62253

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redire...

6.9CVSS0.00228EPSS
Exploits0References1
euvd
euvd
added 2025/10/22 9:31 p.m.6 views

EUVD-2025-35628

Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting XSS...

4.8CVSS5.5AI score0.00216EPSS
Exploits0References4
osv
osv
added 2025/10/22 9:31 p.m.6 views

GHSA-PHJR-P9C5-HPRX Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS6.1AI score0.00216EPSS
Exploits0References5
snyk
snyk
added 2025/10/22 9:31 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the definition parameter of the Dynamic Data Mapping portlet. An authenticated attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious request and tricking a...

4.8CVSS5.2AI score0.00216EPSS
Exploits0References2
github
github
added 2025/10/22 9:31 p.m.10 views

Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS6.1AI score0.00216EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2025/10/22 7:15 p.m.7 views

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS0.00216EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/22 7:7 p.m.10 views

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS0.00216EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/22 7:7 p.m.6 views

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS5.7AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder