CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4585 matches found

CVE•added 2025/09/30 10:36 p.m.•17 views

CVE-2025-43826

The CVE-2025-43826 entry describes a Stored XSS in Liferay Portal/DXP Web Content Translation via rich text fields. Affected: Liferay Portal 7.4.0–7.4.3.112 and older, Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–2023.Q3.10, and 7.4 GA up to update 92 (all older unsupported versions). Root cause: i...

5.4CVSS5.3AI score0.00205EPSS

Exploits0References1Affected Software2

Positive Technologies•added 2025/09/30 12:0 a.m.•7 views

PT-2025-40049

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS5.9AI score0.00197EPSS

Exploits0References4

CVE•added 2025/09/29 9:38 p.m.•13 views

CVE-2025-43818

CVE-2025-43818 is an XSS vulnerability in the Calendar widget of Liferay Portal and DXP products. A crafted payload entered into the Calendar Name field can inject arbitrary script/HTML across affected versions: Liferay Portal 7.4.3.35–7.4.3.110; Liferay DXP 2023.Q4.0–2023.Q4.4, 2023.Q3.1–2023.Q3...

6.1CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software2

Cvelist•added 2025/09/29 9:19 p.m.•8 views

CVE-2025-43815

Reflected cross-site scripting XSS vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

5.1CVSS0.00224EPSS

Exploits0References1

CNNVD•added 2025/09/29 12:0 a.m.•2 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS version 11.4 and earlier, which stems from a stored...

4.8CVSS6.1AI score0.00207EPSS

Exploits0References2

Positive Technologies•added 2025/09/29 12:0 a.m.•4 views

PT-2025-39902

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.110 Liferay DXP versions 2023.Q3.1 through 2023.Q3.6 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...

6.1CVSS5.6AI score0.00207EPSS

Exploits0References12

CVE•added 2025/09/25 12:0 a.m.•14 views

CVE-2025-29156

The CVE-2025-29156 entry concerns the Swagger Petstore sample (petstore) software, version 1.0.7, with a Cross Site Scripting (XSS) vulnerability in the /api/v3/pet endpoint. The root cause is input handling that allows crafted scripts to be processed, enabling a remote attacker to execute arbitr...

6.1CVSS6.7AI score0.0035EPSS

Exploits0References3Affected Software1

OSV•added 2025/09/22 6:30 p.m.•4 views

GHSA-JH9H-8XF2-25WJ Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

4.8CVSS5.2AI score0.00197EPSS

Exploits0References5

Cvelist•added 2025/09/22 4:17 p.m.•6 views

CVE-2025-43807

4.8CVSS0.00197EPSS

Exploits0References1

RedhatCVE•added 2025/09/17 10:46 p.m.•7 views

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

4.8CVSS5.5AI score0.00243EPSS

Exploits0References1

RedhatCVE•added 2025/09/17 7:52 p.m.•9 views

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

4.8CVSS5.9AI score0.00207EPSS

Exploits0References1

Github Security Blog•added 2025/09/17 12:31 a.m.•8 views

Liferay search widget vulnerable to Cross-site Scripting

There is a Cross-site scripting XSS vulnerability in Liferay Portal's Search widget . Versions 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allow remote attackers to inject arbitrary web scripts or HTML via the...

6.1CVSS6.1AI score0.00216EPSS

Exploits0References5Affected Software1

OSV•added 2025/09/16 12:30 a.m.•5 views

GHSA-VG6H-G5MR-9HGV Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

4.8CVSS5.6AI score0.00243EPSS

Exploits0References3

Positive Technologies•added 2025/09/16 12:0 a.m.•5 views

PT-2025-38092

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.93 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Description: A cross-site scripting XSS vulnerability exists in the Search widget. This allows remote attackers ...

5.1CVSS5.3AI score0.00216EPSS

Exploits0References6

OSV•added 2025/09/15 9:30 p.m.•6 views

GHSA-JFV5-R382-XVWH Liferay Portal Cross-site Scripting (XSS) vulnerability

4.8CVSS6AI score0.00207EPSS

Exploits0References3

NVD•added 2025/09/15 7:15 p.m.•6 views

CVE-2025-43800

6.1CVSS0.00207EPSS

Exploits0References1

OSV•added 2025/09/15 7:15 p.m.•4 views

CVE-2025-43800

6.1CVSS5.9AI score0.00207EPSS

Exploits0References1

CVE•added 2025/09/15 7:7 p.m.•18 views

CVE-2025-43800

CVE-2025-43800 affects Liferay Portal/ Liferay DXP where a vulnerability in Rich Text fields of Objects allows remote attackers to inject arbitrary scripts via crafted payloads. Affected: Liferay Portal 7.4.3.20–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA through update 9...

6.1CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software2

OSV•added 2025/09/15 6:15 p.m.•4 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS5.8AI score0.00199EPSS

Exploits0References1

OSV•added 2025/09/10 8:15 p.m.•6 views

CVE-2025-43783

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML vi...

6.1CVSS5.7AI score0.00228EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by