Количество 2
Количество 2
CVE-2025-43817
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts.
GHSA-m4hg-46pw-6mmv
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-43817 Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts. | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
| GHSA-m4hg-46pw-6mmv Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу