Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/09/09 3:30 a.m.13 views

Liferay Portal is vulnerable to XSS attack through its Style Book theme

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via Style Book theme name. This malicious payload is then reflected and executed within the user's browser...

5.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/09/09 3:30 a.m.4 views

GHSA-QGJ5-4QVG-2F8C Liferay Portal is vulnerable to XSS attack through its Style Book theme

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via Style Book theme name. This malicious payload is then reflected and executed within the user's browser...

2.1CVSS6AI score
Exploits0References5
CVE
CVE
added 2025/09/09 12:26 a.m.21 views

CVE-2025-43774

Connected sources describe a reflected XSS in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.17, exploitable when a remote authenticated user injects JavaScript via the Style Book theme name. The issue is reflected in the user’s browser; no concrete fix/version is provided in the supp...

5.3AI score
Exploits0
Cvelist
Cvelist
added 2025/09/09 12:26 a.m.7 views

CVE-2025-43774

...

Exploits0
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-36537

Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.17 Description: A reflected cross-site scripting XSS vulnerability exists in Liferay Portal and DXP. A remote authenticated user can inject JavaScript code via th...

2.1CVSS5.3AI score
Exploits0References10
Rows per page
Query Builder