12 matches found
SUSE CVE-2025-14987
When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input validation and output encoding in the My Workflow Tasks page due to user-supplied task/comment fields being stored without sanitization. An attacker can submit crafted content that is saved and later...
EUVD-2025-27605
Malicious code in bioql PyPI...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...
GHSA-66X6-8JGV-QPFH Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...
CVE-2025-43785
CVE-2025-43785 is a stored XSS in Liferay Portal 7.4.3.45–7.4.3.128 and Liferay DXP 2024 Q2.0–Q2.9, 2024.Q1.1–Q1.12, and 7.4 update 45–update 92. The vulnerability affects the My Workflow Tasks page and can allow remote attackers to inject arbitrary script/HTML. Root cause and affected component ...
PT-2025-37067
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.45 through 7.4.3.128 Liferay DXP versions 2024 Q1.1 through 2024.Q1.12 Liferay DXP versions 2024 Q2.0 through 2024.Q2.9 Liferay versions 7.4 update 45 through update 92 Description: A stored cross-site scripting...