Lucene search
K

8 matches found

CVE
CVE
added 2025/10/27 9:44 p.m.17 views

CVE-2025-62260

CVE-2025-62260 affects Liferay Portal 7.4.0–7.4.3.99 and Liferay DXP 2023.Q3.1–2023.Q3.4 (also 7.4 GA up to update 92 and 7.3 GA up to update 35; older unsupported versions) where the Headless API does not limit the number of returned objects. This enables remote attackers to trigger denial-of-se...

7.5CVSS6.6AI score0.00351EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/27 7:38 p.m.4 views

CVE-2025-62263

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

4.8CVSS5.5AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.5 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

4.8CVSS6.4AI score0.00264EPSS
Exploits0References2
CNVD
CNVD
added 2022/12/23 12:0 a.m.53 views

IBM Navigator for I SQL Injection Vulnerability

IBM Navigator for i is a console interface used in IBMi by International Business Machines IBM to perform and manage critical tasks in IBMi. IBM Navigator for i is vulnerable to SQL injection in versions 7.3, 7.4, and 7.5. The vulnerability stems from the application's lack of validation of...

6.3CVSS3.1AI score0.00579EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.5 views

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...

6.1CVSS5.8AI score0.00496EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.2 views

CVE-2022-26597

Cross-site scripting XSS vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name...

6.1CVSS5.9AI score0.00674EPSS
Exploits0References2
OSV
OSV
added 2020/07/14 1:15 p.m.0 views

CVE-2020-4513

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368...

6.1CVSS5.4AI score0.0073EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:26 p.m.28 views

Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0729 )

Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute...

9.8CVSS1.6AI score0.09115EPSS
Exploits0Affected Software1
Rows per page
Query Builder