Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30789

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00197EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/24 4:34 p.m.4 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.4AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/22 6:30 p.m.4 views

GHSA-JH9H-8XF2-25WJ Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

4.8CVSS5.2AI score0.00197EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.9 views

Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

5.4CVSS5.3AI score0.00197EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/09/22 5:16 p.m.3 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

5.4CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/22 5:16 p.m.3 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

5.4CVSS5.4AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 4:17 p.m.6 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 4:17 p.m.1 views

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.1AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 4:17 p.m.12 views

CVE-2025-43807

A stored XSS was reported in Liferay Portal and Liferay DXP via the notifications widget. A crafted payload placed in a publication’s Name field can execute arbitrary script in affected users’ browsers. Affected are Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–202...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.4 views

PT-2025-38739

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 7.4 GA through update 92 Description A stored cross-site scripting XSS issu...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References8
NVD
NVD
added 2020/01/02 7:15 p.m.20 views

CVE-2013-7485

Cross-site scripting XSS vulnerability in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this...

6.1CVSS6AI score0.01765EPSS
Exploits0References8
Prion
Prion
added 2019/10/08 8:15 p.m.16 views

Cross site scripting

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

3.5CVSS5.3AI score0.00526EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/08 7:23 p.m.22 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

5.4AI score0.00526EPSS
Exploits0References2
Rows per page
Query Builder