CVE-2025-43733
- EPSS 0.22%
- Published 18.08.2025 12:06:07
- Last modified 18.08.2025 20:16:28
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious paylo...
CVE-2025-43734
- EPSS 0.24%
- Published 12.08.2025 18:51:55
- Last modified 13.08.2025 17:33:46
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 throu...
CVE-2025-43735
- EPSS 0.07%
- Published 12.08.2025 12:19:09
- Last modified 12.08.2025 14:25:33
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA throu...
CVE-2025-43736
- EPSS 0.06%
- Published 12.08.2025 11:15:26
- Last modified 12.08.2025 14:25:33
A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 t...
- EPSS 0.05%
- Published 09.08.2025 04:46:13
- Last modified 11.08.2025 18:32:48
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, ...
CVE-2025-4581
- EPSS 0.07%
- Published 09.08.2025 04:14:22
- Last modified 11.08.2025 18:32:48
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authenti...
CVE-2025-4576
- EPSS 0.07%
- Published 08.08.2025 15:42:34
- Last modified 08.08.2025 20:30:18
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 throug...
CVE-2025-4604
- EPSS 0.06%
- Published 04.08.2025 22:15:28
- Last modified 05.08.2025 14:34:17
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 20...
- EPSS 0.06%
- Published 04.08.2025 21:18:14
- Last modified 05.08.2025 14:34:17
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92...
CVE-2025-3526
- EPSS 0.41%
- Published 16.06.2025 14:18:34
- Last modified 17.06.2025 20:50:23
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote atta...