Liferay

Liferay Portal

319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-4604

  • EPSS 0.03%
  • Veröffentlicht 04.08.2025 22:15:28
  • Zuletzt bearbeitet 15.12.2025 16:20:02

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 20...

6.1

CVE-2025-4599

  • EPSS 0.02%
  • Veröffentlicht 04.08.2025 21:18:14
  • Zuletzt bearbeitet 15.12.2025 16:25:10

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92...

7.5

CVE-2025-3526

  • EPSS 0.14%
  • Veröffentlicht 16.06.2025 14:18:34
  • Zuletzt bearbeitet 16.12.2025 18:45:31

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote atta...

9.8

CVE-2025-3594

  • EPSS 0.35%
  • Veröffentlicht 16.06.2025 14:13:54
  • Zuletzt bearbeitet 12.12.2025 20:07:35

Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitr...

7.5

CVE-2025-3602

  • EPSS 0.12%
  • Veröffentlicht 16.06.2025 13:50:04
  • Zuletzt bearbeitet 16.12.2025 17:03:12

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attacker...

6.1

CVE-2025-4388

  • EPSS 13.14%
  • Veröffentlicht 06.05.2025 18:15:39
  • Zuletzt bearbeitet 16.12.2025 16:46:21

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through ...

5.4

CVE-2025-3760

  • EPSS 0.04%
  • Veröffentlicht 17.04.2025 12:53:19
  • Zuletzt bearbeitet 16.12.2025 17:00:38

A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1...

4.3

CVE-2025-2565

  • EPSS 0.1%
  • Veröffentlicht 20.03.2025 16:10:06
  • Zuletzt bearbeitet 16.12.2025 18:44:27

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 all...

6.1

CVE-2025-2536

  • EPSS 0.06%
  • Veröffentlicht 19.03.2025 19:00:42
  • Zuletzt bearbeitet 16.12.2025 18:43:10

Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 th...

4.8

CVE-2023-37940

  • EPSS 0.13%
  • Veröffentlicht 17.12.2024 22:15:05
  • Zuletzt bearbeitet 28.01.2025 21:18:48

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to in...