Publish Advisories

GHSA-876g-49r6-33qj
GHSA-88g3-pv3w-5wmr
GHSA-x5fw-8xgx-q6c9

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-876g-49r6-33qj/GHSA-876g-49r6-33qj.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-876g-49r6-33qj",
-  "modified": "2025-08-29T22:07:28Z",
+  "modified": "2025-12-20T02:51:48Z",
   "published": "2025-08-29T21:32:02Z",
   "aliases": [
     "CVE-2025-43773"
   ],
   "summary": "Liferay Portal allows improper access through the expandoTableLocalService",
-  "details": "Liferay Portal  7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.",
+  "details": "Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.",
   "severity": [
     {
       "type": "CVSS_V4",

advisories/github-reviewed/2025/09/GHSA-88g3-pv3w-5wmr/GHSA-88g3-pv3w-5wmr.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-88g3-pv3w-5wmr",
-  "modified": "2025-09-11T13:32:49Z",
+  "modified": "2025-12-20T02:52:39Z",
   "published": "2025-09-09T21:30:26Z",
   "aliases": [
     "CVE-2025-43775"
   ],
   "summary": "Liferay Portal is vulnerable to XSS attacks via its remote app title field",
-  "details": "Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote app title field.",
+  "details": "A stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote app title field.",
   "severity": [
     {
       "type": "CVSS_V4",

advisories/github-reviewed/2025/09/GHSA-x5fw-8xgx-q6c9/GHSA-x5fw-8xgx-q6c9.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x5fw-8xgx-q6c9",
-  "modified": "2025-09-11T13:31:32Z",
+  "modified": "2025-12-20T02:53:14Z",
   "published": "2025-09-09T21:30:26Z",
   "aliases": [
     "CVE-2025-43781"
   ],
   "summary": "Liferay Portal is vulnerable to XSS attack through its search bar portlet",
-  "details": "Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portlet",
+  "details": "A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portlet",
   "severity": [
     {
       "type": "CVSS_V4",