Количество 2
Количество 2
CVE-2025-43823
Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.
GHSA-xx7h-2wf7-hc7p
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-43823 Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field. | CVSS3: 5.4 | 0% Низкий | 4 месяца назад |
| GHSA-xx7h-2wf7-hc7p Liferay Portal is vulnerable to XSS through its Commerce Search Result widget | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу