Количество 2
Количество 2
CVE-2025-43807
Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field.
GHSA-jh9h-8xf2-25wj
Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-43807 Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field. | CVSS3: 5.4 | 0% Низкий | 5 месяцев назад |
| GHSA-jh9h-8xf2-25wj Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу