27433 matches found
Cross Site Scripting
Liferay Portal is vulnerable to Cross Site Scripting. The vulnerability is due to inadequate input validation and output sanitization on the Language Override edit screen, allowing remote attackers to inject arbitrary web script or HTML via the...
Cross-site Scripting (XSS)
The Calendar module in Liferay Portal is vulnerable to Cross-site Scripting. The vulnerability is due to not escaping the user-supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event...
Cross-Site Scripting
liferay portal is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in the portlet.js module of the Frontend JS library. This flaws allowing attackers to inject arbitrary web script or HTML via the anchor hash part of a URL...
Cross-Site Scripting
liferay portal is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper validation of the filename of an attachment in the Message Board widget, allowing remote authenticated users to inject arbitrary web script or HTML...
Cross-Site Scripting
liferay.portal are vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input validation in the Dynamic Data Mapping module's DDMForm, allowing remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter...
CVE-2024-25895
A reflected cross-site scripting XSS vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
CVE-2024-25895
A reflected cross-site scripting XSS vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
GHSA-Q2CV-7J58-RFMJ Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...
Cross site scripting
Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...
CVE-2023-47795
Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
GHSA-RWHV-HVJ2-QRQM Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting XSS vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Reflected cross-site scripting XSS vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...
GHSA-P28X-4R5H-PH6J Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
CVE-2024-26266
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...