CVE-2025-43811
- EPSS 0.17%
- Published 29.09.2025 22:15:34
- Last modified 02.10.2025 19:12:42
Multiple stored cross-site scripting (XSS) vulnerabilities in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allow ...
CVE-2025-43816
- EPSS 0.06%
- Published 25.09.2025 20:15:34
- Last modified 26.09.2025 14:32:19
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA throug...
CVE-2025-43819
- EPSS 0.04%
- Published 24.09.2025 02:15:31
- Last modified 24.09.2025 18:11:24
An Insufficient Session Expiration vulnerability in Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 allows an r...
CVE-2025-43779
- EPSS 0.2%
- Published 24.09.2025 01:15:30
- Last modified 24.09.2025 18:11:24
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_li...
CVE-2025-43810
- EPSS 0.14%
- Published 22.09.2025 23:15:37
- Last modified 24.09.2025 18:11:34
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authentic...
CVE-2025-43814
- EPSS 0.18%
- Published 22.09.2025 23:15:37
- Last modified 24.09.2025 18:11:34
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password ...
CVE-2025-43806
- EPSS 0.15%
- Published 22.09.2025 22:15:43
- Last modified 24.09.2025 18:11:34
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authe...
CVE-2025-43807
- EPSS 0.17%
- Published 22.09.2025 16:17:24
- Last modified 22.09.2025 21:22:33
Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to ...
CVE-2025-43808
- EPSS 0.19%
- Published 19.09.2025 20:37:22
- Last modified 22.09.2025 21:23:01
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documen...
CVE-2025-43809
- EPSS 0.06%
- Published 19.09.2025 19:15:50
- Last modified 22.09.2025 21:23:01
Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA thro...