GHSA-ccrc-5vp5-vp5j

Suggest an improvement
Source
https://github.com/advisories/GHSA-ccrc-5vp5-vp5j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-ccrc-5vp5-vp5j/GHSA-ccrc-5vp5-vp5j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ccrc-5vp5-vp5j
Aliases
Published
2025-09-17T00:31:12Z
Modified
2025-11-07T22:09:40.259215Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Liferay search widget vulnerable to Cross-site Scripting
Details

There is a Cross-site scripting (XSS) vulnerability in Liferay Portal's Search widget . Versions 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allow remote attackers to inject arbitrary web scripts or HTML via the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter.

Database specific 
{
    "github_reviewed": true,
    "nvd_published_at": "2025-09-16T23:15:33Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2025-09-17T19:10:17Z",
    "severity": "MODERATE"
}
References

Affected packages

Maven / com.liferay:com.liferay.portal.search

Package

Name
com.liferay:com.liferay.portal.search
View open source insights on deps.dev
Purl
pkg:maven/com.liferay/com.liferay.portal.search

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.93

Affected versions

1.*
1.0.0
2.*
2.0.0
2.0.1
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.2.0
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.10
3.4.11
3.4.12
3.4.13
3.4.14
3.4.15
3.5.0
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.7.0
3.7.1
3.7.2
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.5
3.9.6
3.9.7
3.9.8
3.9.9
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.47
4.0.48
4.0.49
4.0.50
4.0.51
4.0.52
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.0.52
5.0.53
5.0.54
5.0.55
5.0.56
5.0.57
5.0.58
5.0.59
5.0.60
5.0.61
5.0.62
5.0.63
5.0.64
5.0.65
5.0.66
5.0.67
5.0.68
5.0.69
5.0.70
5.0.71
5.0.72
5.0.73
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.18
6.0.19
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.25
6.0.26
6.0.27
6.0.28
6.0.29
6.0.30
6.0.31
6.0.32
6.0.33
6.0.34
6.0.35
6.0.36
6.0.37
6.0.38
6.0.39
6.0.40
6.0.41
6.0.42
6.0.43
6.0.44
6.0.45
6.0.46
6.0.47
6.0.48
6.0.49
6.0.50
6.0.51
6.0.52
6.0.53
6.0.54
6.0.55
6.0.56
6.0.57
6.0.58
6.0.59
6.0.60
6.0.61
6.0.62
6.0.63
6.0.64
6.0.65
6.0.66
6.0.67
6.0.68
6.0.69
6.0.70
6.0.71
6.0.72
6.0.73
6.0.74
6.0.75
6.0.76
6.0.77
6.0.78
6.0.79
6.0.80
6.0.81
6.0.82
6.0.83
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
7.0.10
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.16
7.0.17
7.0.18
7.0.19
7.0.20
7.0.21
7.0.22
7.0.23
7.0.24
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.30
7.0.31
7.0.32
7.0.33
7.0.34
7.0.35
7.0.36
7.0.37
7.0.38
7.0.39
7.0.40
7.0.41
7.0.42
7.0.43
7.0.44
7.0.45
7.0.46
7.0.47
7.0.48
7.0.49
7.0.50
7.0.51
7.0.52
7.0.53
7.0.54
7.0.55
7.0.56
7.0.57
7.0.58
7.0.59
7.0.60
7.0.61
7.0.62
7.0.63
7.0.64
7.0.65
7.0.66
7.0.67
7.0.68
7.0.69
7.0.70
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.0.9
8.0.10
8.0.11
8.0.12
8.0.13
8.0.14
8.0.15
8.0.16
8.0.17
8.0.18
8.0.19
8.0.20
8.0.21
8.0.22
8.0.23
8.0.24
8.0.25
8.0.26
8.0.27
8.0.28
8.0.29
8.0.30
8.0.31
8.0.32
8.0.33
8.0.34
8.0.35
8.0.36
8.0.37
8.0.38
8.0.39
8.0.40
8.0.41
8.0.42
8.0.43
8.0.44
8.0.45
8.0.46
8.0.47
8.0.48
8.0.49
8.0.50
8.0.51
8.0.52
8.0.53
8.0.54
8.0.55
8.0.56
8.0.57
8.0.58
8.0.59
8.0.60
8.0.61
8.0.62
8.0.63
8.0.64
8.0.65
8.0.66
8.0.67
8.0.68
8.0.69
8.0.70
8.0.71
8.0.72
8.0.73
8.0.74
8.0.75
8.0.76
8.0.77
8.0.78
8.0.79
8.0.80
8.0.81
8.0.82
8.0.83
8.0.84
8.0.85
8.0.86
8.0.87
8.0.88
8.0.89
8.0.90
8.0.91
8.0.92

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-ccrc-5vp5-vp5j/GHSA-ccrc-5vp5-vp5j.json"