Lucene search
K

27433 matches found

OSV
OSV
added 2023/05/24 3:30 p.m.35 views

GHSA-WVHW-5M89-64GV Cross-site scripting in Liferay Portal

Cross-site scripting XSS vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object...

4.8CVSS5.4AI score0.00522EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/05/24 3:30 p.m.31 views

Cross-site scripting in Liferay Portal

Cross-site scripting XSS vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...

5.4CVSS6.1AI score0.00528EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/24 3:30 p.m.28 views

Cross-site scripting in Liferay Portal

Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...

5.4CVSS5.8AI score0.00446EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/24 3:15 p.m.44 views

CVE-2023-33941

Multiple cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the 1 code, or 2...

6.1CVSS6.6AI score0.00462EPSS
Exploits0References1
NVD
NVD
added 2023/05/24 3:15 p.m.19 views

CVE-2023-33943

Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...

5.4CVSS5.3AI score0.00446EPSS
Exploits0References1
OSV
OSV
added 2023/05/24 3:15 p.m.29 views

CVE-2023-33942

Cross-site scripting XSS vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field...

5.4CVSS6AI score0.00533EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 3:15 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...

4.9CVSS5.3AI score0.00446EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/05/24 3:15 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the 1 code, or 2...

5.8CVSS6AI score0.00462EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/05/24 3:15 p.m.28 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field...

4.9CVSS5.3AI score0.00533EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/24 3:7 p.m.24 views

CVE-2023-33944

Cross-site scripting XSS vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...

4.8CVSS6.1AI score0.00533EPSS
Exploits0References1
CVE
CVE
added 2023/05/24 3:7 p.m.90 views

CVE-2023-33944

CVE-2023-33944 is an XSS vulnerability in the Liferay Layout module affecting Liferay Portal 7.3.4–7.4.3.68 and Liferay DXP 7.3 (pre‑update 24) and 7.4 (pre‑update 69). The flaw permits remote attackers to inject arbitrary script/HTML via a crafted payload in a container type layout fragment’s UR...

6.1CVSS5.9AI score0.00533EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/24 2:57 p.m.26 views

CVE-2023-33943

Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...

5.4CVSS5.5AI score0.00446EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/24 2:57 p.m.13 views

CVE-2023-33943

Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...

5.4CVSS6AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2023/05/24 2:15 p.m.24 views

CVE-2023-33940

Cross-site scripting XSS vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...

5.4CVSS5.2AI score0.00528EPSS
Exploits0References1
OSV
OSV
added 2023/05/24 2:15 p.m.26 views

CVE-2023-33939

Cross-site scripting XSS vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted...

5.4CVSS6AI score0.00522EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 2:15 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object...

5.8CVSS6AI score0.00522EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/05/24 1:20 p.m.66 views

CVE-2023-33938

CVE-2023-33938 is a documented XSS vulnerability in the App Builder module of Liferay Portal/DXP (affecting Liferay Portal 7.3.0–7.4.0 and Liferay DXP 7.3 prior to update 14). The flaw occurs on the App Builder custom object details page, where an attacker can inject arbitrary web script or HTML ...

6.1CVSS5.9AI score0.00522EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2023/05/24 1:15 p.m.26 views

CVE-2023-33937

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

5.4CVSS5.2AI score0.00446EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 1:15 p.m.26 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

4.9CVSS5.2AI score0.00446EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/24 12:16 p.m.35 views

CVE-2023-33937

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

5.4CVSS5.4AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder