Количество 2
Количество 2
CVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.
GHSA-fjrp-77f3-43xj
Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-43821 Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field. | CVSS3: 5.4 | 0% Низкий | 4 месяца назад |
| GHSA-fjrp-77f3-43xj Liferay Portal is vulnerable to XSS through its Commerce Product's Name text field | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу