CVE-2025-43787
- EPSS 0.18%
- Published 12.09.2025 16:09:33
- Last modified 15.09.2025 15:21:42
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 th...
CVE-2025-43788
- EPSS 0.15%
- Published 12.09.2025 02:22:29
- Last modified 15.09.2025 15:22:38
The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all orga...
- EPSS 0.03%
- Published 12.09.2025 02:00:54
- Last modified 15.09.2025 15:22:38
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes, which allows Service Access Policies to get executed.
CVE-2025-43790
- EPSS 0.15%
- Published 11.09.2025 17:54:13
- Last modified 15.09.2025 15:22:38
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virt...
CVE-2025-43782
- EPSS 0.15%
- Published 11.09.2025 17:26:30
- Last modified 15.09.2025 15:22:38
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a wor...
CVE-2025-43783
- EPSS 0.2%
- Published 10.09.2025 20:15:33
- Last modified 11.09.2025 17:14:10
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote at...
CVE-2025-43784
- EPSS 0.04%
- Published 10.09.2025 19:11:20
- Last modified 11.09.2025 17:14:10
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the A...
CVE-2025-43785
- EPSS 0.18%
- Published 10.09.2025 16:19:07
- Last modified 11.09.2025 17:14:10
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024.Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitra...
CVE-2025-43786
- EPSS 0.06%
- Published 09.09.2025 19:08:52
- Last modified 11.09.2025 17:14:25
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allows attackers to determi...
CVE-2025-43781
- EPSS 0.2%
- Published 09.09.2025 18:48:35
- Last modified 11.09.2025 17:14:25
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary w...