5 matches found
Liferay Portal is vulnerable to XSS attack through its Style Book theme
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via the Style Book theme name. This malicious payload is then reflected and executed within the user's browser...
GHSA-QGJ5-4QVG-2F8C Liferay Portal is vulnerable to XSS attack through its Style Book theme
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via the Style Book theme name. This malicious payload is then reflected and executed within the user's browser...
CVE-2025-43774
Connected sources describe a reflected XSS in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.17, exploitable when a remote authenticated user injects JavaScript via the Style Book theme name. The issue is reflected in the user’s browser; no concrete fix/version is provided in the supp...
CVE-2025-43774
...
PT-2025-36537
Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.17. Description: A reflected cross-site scripting (XSS) vulnerability exists in Liferay Portal and DXP. A remote authenticated user can inject JavaScript code via th...