Liferay

Portal

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-62261

  • EPSS 0.02%
  • Veröffentlicht 27.10.2025 21:11:46
  • Zuletzt bearbeitet 10.11.2025 21:49:33

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which a...

4.4

CVE-2025-62262

  • EPSS 0.02%
  • Veröffentlicht 27.10.2025 20:39:23
  • Zuletzt bearbeitet 10.11.2025 22:03:58

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and ...

5.4

CVE-2025-62263

  • EPSS 0.04%
  • Veröffentlicht 27.10.2025 19:38:44
  • Zuletzt bearbeitet 10.11.2025 22:05:08

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web ...

6.9

CVE-2025-62253

  • EPSS 0.19%
  • Veröffentlicht 27.10.2025 18:54:47
  • Zuletzt bearbeitet 30.10.2025 15:05:32

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsuppo...

7.5

CVE-2025-62254

  • EPSS 0.2%
  • Veröffentlicht 23.10.2025 22:16:34
  • Zuletzt bearbeitet 10.11.2025 22:14:11

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions ...

2

CVE-2025-62255

  • EPSS 0.19%
  • Veröffentlicht 23.10.2025 18:47:18
  • Zuletzt bearbeitet 27.10.2025 13:20:15

Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsuppor...

5.3

CVE-2025-62256

  • EPSS 0.02%
  • Veröffentlicht 23.10.2025 13:41:42
  • Zuletzt bearbeitet 10.11.2025 22:14:32

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in cert...

6.5

CVE-2025-62247

  • EPSS 0.04%
  • Veröffentlicht 22.10.2025 19:27:25
  • Zuletzt bearbeitet 09.12.2025 21:33:43

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 thro...

4.8

CVE-2025-62248

  • EPSS 0.04%
  • Veröffentlicht 22.10.2025 19:15:35
  • Zuletzt bearbeitet 09.12.2025 21:33:54

A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7,...

6.9

CVE-2025-62249

  • EPSS 0.07%
  • Veröffentlicht 21.10.2025 18:12:45
  • Zuletzt bearbeitet 21.10.2025 19:31:25

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug...